General

  • Target

    0x0007000000015c2d-101.dat

  • Size

    32KB

  • Sample

    230720-mgt99aff44

  • MD5

    2d91d81ac965bfeb635da7ad8cfe7c65

  • SHA1

    44f1d984702dde8f182f6491d71c8912160a8c63

  • SHA256

    7fbf96cc89463da90fa962ea3ff11cebd0d742176e669631019787fe9c9e1430

  • SHA512

    899f9ba01b937f3dbc5ed38bd4f43a7f91f167841f23ddac6dfc3d8c4ccfae25c169c0bb77aa555b25bdc37f062cda122791211e664846cbc2ce75bb19c55d4b

  • SSDEEP

    384:K9VD6tee+qUOTd2opQTLAdz1SvNmhpdvOjT7PbA6HBiTSnjxZMdP05ldpRMaYIBI:k6Qe+qUv8zcqdvOXA6XkPslJvGaVW

Malware Config

Extracted

  • Family

    smokeloader

  • Version

    2022

  • C2

    http://77.91.68.29/fks/

  • rc4.i32

  • rc4.i32

Targets

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks