smokeloader | a1e21180b104f0b1cc05fcebd9a9f32c9820f7704693822df06c91d8ef7aad95 | Triage

Analysis

max time kernel
150s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
19/08/2023, 05:57

Sharing

Report Analysis Logs

General

Target

11c7e5c965be3cff7410e837561e7e82.exe
Size

39KB
MD5

11c7e5c965be3cff7410e837561e7e82
SHA1

1727060d2778926d351cc12de25adc273c334257
SHA256

a1e21180b104f0b1cc05fcebd9a9f32c9820f7704693822df06c91d8ef7aad95
SHA512

dc9c7a0b5c712d08d0e664db884b9f54da4daabdb404ebbc7c85184457f6979ef465ede81e5132a8c8f04c4711fc6d700e1201a93b94b0f4101fad9c020c1278
SSDEEP

384:K9VD6tee+qUOTd2opQTLAdz1SvNmhpdvOjT7PbA6HBiTSnjxZMdP05ldpRMaYIBI:k6Qe+qUv8zcqdvOXA6XkPslJvGaVW

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32

rc4.i32

Signatures

SmokeLoader
Modular backdoor trojan in use since 2014.
trojan backdoor smokeloader

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4404	11c7e5c965be3cff7410e837561e7e82.exe
4404	11c7e5c965be3cff7410e837561e7e82.exe
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found
3208	Process not Found

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3208	Process not Found

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
4404	11c7e5c965be3cff7410e837561e7e82.exe

C:\Users\Admin\AppData\Local\Temp\11c7e5c965be3cff7410e837561e7e82.exe
"C:\Users\Admin\AppData\Local\Temp\11c7e5c965be3cff7410e837561e7e82.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:4404

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3208-134-0x0000000002B30000-0x0000000002B46000-memory.dmp

Filesize
88KB

Download
memory/4404-133-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4404-135-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download