General

  • Target

    0f65a5317331c174d6552f48a689cdc40a5483c89ff883687746bbf734c49066

  • Size

    265KB

  • Sample

    231012-nyjeragd2v

  • MD5

    47bcec57fb220004f65bf73149a7bb4b

  • SHA1

    0e2b3ef892f42868c651e6f018d45d3af3aa3b0d

  • SHA256

    0f65a5317331c174d6552f48a689cdc40a5483c89ff883687746bbf734c49066

  • SHA512

    19c3cc0d8c67aaa7c53034ff6c8c2349f9f8507815fa37a1b186fea91a6e55782e9e6bbee8138b9a23210b1dbeab8d3bb215f072592f31940f5220f57e9a90b5

  • SSDEEP

    3072:T+Xj4+XBaPDFG+SFqWBH95/1OR0jUjZBpH4+:CHBODFGFnr1OUUlBpH

Malware Config

  • Extracted

    • Family

      smokeloader

    • Botnet

      up4

  • Extracted

    • Family

      smokeloader

    • Version

      2020

    • C2

      http://host-file-file0.com/

      http://file-file-file1.com/

    • rc4.i32

Targets

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Modifies Installed Components in the registry

    • Deletes itself

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15