Overview

overview

10

Static

static

3

d1c1436fcb...38.exe

windows7-x64

10

d1c1436fcb...38.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    07-08-2023 02:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d1c1436fcbdfc15595d95287aa8ca3d69f277a1677000fa30bbb519e4d305a38.exe

  • Size

    253KB

  • MD5

    d5b47e416d7a06febe582f4b00b65367

  • SHA1

    ea205f12d9fdf13b884f22454de514496a0b3865

  • SHA256

    d1c1436fcbdfc15595d95287aa8ca3d69f277a1677000fa30bbb519e4d305a38

  • SHA512

    0ac7a9bec2d49457ba1f7d4c6de74ff41ce9132fc2cb141a713e23cdb5e4ab1a8e0a96ac27adaa8911e1ee08829bff4f4f541fb954f187ed2717e476377f1565

  • SSDEEP

    3072:vKLEBiLgtH0uX2ETlYKfRpjojDPyucx5CKAwlg:iLE3NX2iSTfKucWKA

Score
10/10
smokeloadersummbackdoortrojan

Malware Config

Extracted

Family

smokeloader

Botnet

summ

Extracted

Family

smokeloader

Version

2022

C2

http://stalagmijesarl.com/

http://ukdantist-sarl.com/

http://cpcorprotationltd.com/
rc4.i32
rc4.i32

Signatures

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Deletes itself 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d1c1436fcbdfc15595d95287aa8ca3d69f277a1677000fa30bbb519e4d305a38.exe
    "C:\Users\Admin\AppData\Local\Temp\d1c1436fcbdfc15595d95287aa8ca3d69f277a1677000fa30bbb519e4d305a38.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:2772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    13db2405a0d20e1960eda888e11815f0

    SHA1

    c11bf994c7eaaf00d5e5b58960975abe383155ea

    SHA256

    6e8c00cc361ee597916018c5dcf5d2a28edd8c3fd466f7a06600c9e73cb71bdf

    SHA512

    0e78d43c2ae78432002d2ac23c1eb3768364a0e223dbdefd210e7e2ee41e0738f1a7504cc552a7cd4591f8ab6ed844b03819104fdaa4c1963d363538e6e1c8f7

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab14DA.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar1589.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit
  • memory/1236-58-0x0000000002B50000-0x0000000002B66000-memory.dmp
    Filesize

    88KB

    Download
  • memory/2772-54-0x0000000000660000-0x0000000000760000-memory.dmp
    Filesize

    1024KB

    Download
  • memory/2772-55-0x0000000000220000-0x0000000000229000-memory.dmp
    Filesize

    36KB

    Download
  • memory/2772-56-0x0000000000400000-0x00000000005BD000-memory.dmp
    Filesize

    1.7MB

    Download
  • memory/2772-62-0x0000000000220000-0x0000000000229000-memory.dmp
    Filesize

    36KB

    Download
  • memory/2772-59-0x0000000000400000-0x00000000005BD000-memory.dmp
    Filesize

    1.7MB

    Download