Overview

overview

10

Static

static

3

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    300s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    03-08-2023 05:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    adbe7a6a87ed8acc591a850031d9dfd8f70399a5bee4d749ebd68d120d195695.exe

  • Size

    321KB

  • MD5

    30ff060017187bb4b3d03a131a07182b

  • SHA1

    4e3d0cace04c9de5041f5c947cacfb2ffc57cfe4

  • SHA256

    adbe7a6a87ed8acc591a850031d9dfd8f70399a5bee4d749ebd68d120d195695

  • SHA512

    23343e03f7c5752effedfb842e71ab7852de3f55267728130e67d0e8cab8f9af97d2abe4a41f0261ce6e9580e1fce1204b677f62a764b64749a856c1768e2103

  • SSDEEP

    3072:7bLJL7l1YVVVlFhjHUMeLGN/pKHojv7URsR9iFITEFDRFMWjkK9:7hh1YVVnnU/C1MOjhv8FDT

Score
10/10
smokeloader0020backdoortrojan

Malware Config

Extracted

Family

smokeloader

Botnet

0020

Extracted

Family

smokeloader

Version

2022

C2

https://nebraska-pizza.com/search.php

https://alaska-ships.com/search.php
rc4.i32
rc4.i32

Signatures

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Deletes itself 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\adbe7a6a87ed8acc591a850031d9dfd8f70399a5bee4d749ebd68d120d195695.exe
    "C:\Users\Admin\AppData\Local\Temp\adbe7a6a87ed8acc591a850031d9dfd8f70399a5bee4d749ebd68d120d195695.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:3012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1348-57-0x0000000002A70000-0x0000000002A86000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1348-65-0x000007FEF5D30000-0x000007FEF5E73000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1348-66-0x000007FE96450000-0x000007FE9645A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1348-67-0x000007FEF5D30000-0x000007FEF5E73000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/3012-54-0x0000000002490000-0x0000000002590000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/3012-55-0x0000000000220000-0x0000000000229000-memory.dmp

    Filesize

    36KB

    Download

  • memory/3012-56-0x0000000000400000-0x00000000022F7000-memory.dmp

    Filesize

    31.0MB

    Download

  • memory/3012-58-0x0000000000400000-0x00000000022F7000-memory.dmp

    Filesize

    31.0MB

    Download

  • memory/3012-61-0x0000000000220000-0x0000000000229000-memory.dmp

    Filesize

    36KB

    Download