Analysis
-
max time kernel
150s -
max time network
131s -
platform
windows10-1703_x64 -
resource
win10-20230915-en -
resource tags
-
submitted
06/10/2023, 12:15
General
-
Target
ee016d52e39688670944b58a33a11545254d3c8f8b6813d59992138738349193.exe
-
Size
293KB
-
MD5
fd8894c45fade2fa27b964affcb0f293
-
SHA1
2a72eeffbc496233f9eec7167ff0c74b828c4e20
-
SHA256
ee016d52e39688670944b58a33a11545254d3c8f8b6813d59992138738349193
-
SHA512
cc2a3e7279442c595260078563ecfeda37f8a45bbe91b23a9a413d4fd2f8fdfb80ce8fccaea4fac54fcc2675d290a0dba6453f587689b144c95f744c679b81cd
-
SSDEEP
3072:Gz+UbYSifIDlUSMpqjWutafGXypDsfO8Ozp9fSSd1Tot:8PYpfIOKKgakKDsxO3NTo
Malware Config
Extracted
smokeloader
up3
Extracted
smokeloader
2020
http://host-file-host6.com/
http://host-host-file8.com/
Signatures
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Deletes itself 1 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: MapViewOfSection 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 8 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\ee016d52e39688670944b58a33a11545254d3c8f8b6813d59992138738349193.exe"C:\Users\Admin\AppData\Local\Temp\ee016d52e39688670944b58a33a11545254d3c8f8b6813d59992138738349193.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\ee016d52e39688670944b58a33a11545254d3c8f8b6813d59992138738349193.exe"C:\Users\Admin\AppData\Local\Temp\ee016d52e39688670944b58a33a11545254d3c8f8b6813d59992138738349193.exe"2⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1024KB
-
Filesize
36KB
-
Filesize
36KB
-
Filesize
36KB
-
Filesize
36KB
-
Filesize
88KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB