Overview

overview

10

Static

static

1

375798f974...36.vbs

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    10617171407.zip

  • Size

    9KB

  • Sample

    230603-xbc4wsaa9z

  • MD5

    ca2c299e67625f8eb40e1aff102362db

  • SHA1

    cc24db785fd087eceae05e52eec87372d666b550

  • SHA256

    24412f9b29d01c40e1ba7dc688b347f3343727633e5242eeaaf517d99db31a4d

  • SHA512

    8fe9a04e161d88aa7b51c66ecf74bad4438cf58a42ca11770081f1188692d51650cc0fb4580da94fa8a24afe2a095697bb148ed98dc43b145bf223e9ebb2d7da

  • SSDEEP

    192:Z9WKSi64hmQydqIzpqaP5dOQifaCPcLxsWU9OF61XP6evr0t7GTd+aNrtXW:Z9WKd/AF1qAanaCkFsDK6P6e6qd+ktG

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

http://americanocoffea.ru

Extracted

Family

smokeloader

Version

2022

C2

http://polinamailserverip.ru/

http://lamazone.site/

http://criticalosl.tech/

http://maximprofile.net/

http://zaliphone.com/

http://humanitarydp.ug/

http://zaikaopentra.com.ug/

http://zaikaopentra-com-ug.online/

http://infomalilopera.ru/

http://jskgdhjkdfhjdkjhd844.ru/

http://jkghdj2993jdjjdjd.ru/

http://kjhgdj99fuller.ru/

http://azartnyjboy.com/

http://zalamafiapopcultur.eu/

http://hopentools.site/

http://kismamabeforyougo.com/

http://kissmafiabeforyoudied.eu/

http://gondurasonline.ug/

http://nabufixservice.name/

http://filterfullproperty.ru/
rc4.i32
rc4.i32

Targets

    • Target

      375798f97452cb9143ffb08922bebb13eb6bb0c27a101ebc568a3e5295361936

    • Size

      22KB

    • MD5

      642917731c4f19a1b7a1fab2333a84d2

    • SHA1

      742e8e1701b03a0638eec505e17ad453a612ac5e

    • SHA256

      375798f97452cb9143ffb08922bebb13eb6bb0c27a101ebc568a3e5295361936

    • SHA512

      e27262555ca391e255200f5da4421ebd991ed1ff6399e82ed5f0ef76ced2d6e508fa96d4d23c62901e4eb55c21f0e131713669f1a39351ea1e4836c9cea593dd

    • SSDEEP

      384:Ym0ICzXSsFmDFFlhPAO0SBVNKemRJ0pIu+5B70VVa4EdPBS0d928DYGm3Mq:Y7UZL0ouNia4y7/sVL

    Score
    10/10
    smokeloaderbackdoortrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks