General

  • Target

    d8b2bb861557541b4848532a6a9cd005.exe

  • Size

    259KB

  • Sample

    230723-wwfj3sgc3w

  • MD5

    d8b2bb861557541b4848532a6a9cd005

  • SHA1

    f051c0e60a501dbf71c9900844595cc343905f7b

  • SHA256

    ed5bb7322e02c65a989222913dcdd418509cd35578009fd5e578d1990cac527d

  • SHA512

    217124d3ffb0dc5f80e0a45adb649343156bc834f0ddf2078b2fcb95c341179ba48756a0962e171cc0a08be8037aa35ba120c8ba1f134271fa96993146f71019

  • SSDEEP

    3072:F3UUqemKFDevdHt9xuzmscua2OfuhufKzY3HuX/C5EBn:VaK6v1Lszmaa2OWUfmYXuX/C5EB

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32
rc4.i32

Targets

    • Target

      d8b2bb861557541b4848532a6a9cd005.exe

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks