smokeloader | 19397c6dce459330095edc72759d1e79e26f1e12f013cdaee6dbdb90d65aaae8 | Triage

Resubmissions

26-06-2023 05:08

230626-fsw5nage98 10

26-06-2023 04:47

230626-feqqqahe41 10

Sharing

General

Target

19397c6dce459330095edc72759d1e79e26f1e12f013cdaee6dbdb90d65aaae8
Size

220KB
Sample

230626-feqqqahe41
MD5

8d7ebe871589d79f195f240dcef43a57
SHA1

f5315edc9bfeb6f37c9df6ad1f10cb3363412d96
SHA256

19397c6dce459330095edc72759d1e79e26f1e12f013cdaee6dbdb90d65aaae8
SHA512

244be66bb480d320ef6d5cbfcd21e526a53726397c1fc4b512935bc50039b0bb773e3f12fd53910d3da9e69ebb8e3fd1a56d22d2fcb2e090c93c9759cdc497cd
SSDEEP

3072:/M8Ejf0TGpNkCdEjDOCARNT4Hxh6skqg2d1vIH+J3Ul:DEj9ICdEjDgt4RuW1vg

Score

10^/10

smokeloader systembc backdoor persistence trojan

Malware Config

Extracted

Family

systembc

C2

adstat277xm.xyz:4044

demstat377xm.xyz:4044

Targets

- Target
  
  19397c6dce459330095edc72759d1e79e26f1e12f013cdaee6dbdb90d65aaae8
- Size
  
  220KB
- MD5
  
  8d7ebe871589d79f195f240dcef43a57
- SHA1
  
  f5315edc9bfeb6f37c9df6ad1f10cb3363412d96
- SHA256
  
  19397c6dce459330095edc72759d1e79e26f1e12f013cdaee6dbdb90d65aaae8
- SHA512
  
  244be66bb480d320ef6d5cbfcd21e526a53726397c1fc4b512935bc50039b0bb773e3f12fd53910d3da9e69ebb8e3fd1a56d22d2fcb2e090c93c9759cdc497cd
- SSDEEP
  
  3072:/M8Ejf0TGpNkCdEjDOCARNT4Hxh6skqg2d1vIH+J3Ul:DEj9ICdEjDgt4RuW1vg
Score

10^/10

smokeloader systembc backdoor persistence trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Downloads MZ/PE file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloadersystembcbackdoorpersistencetrojan

behavioral2

smokeloadersystembcbackdoorpersistencetrojan