General

  • Target

    f0937a56401c28d94e8608e80c9f48d74a688797e9e030b0324094874d8a1ad8

  • Size

    253KB

  • Sample

    231012-xpjhtshe7v

  • MD5

    d53fd15867eac795277bb9660c5add7c

  • SHA1

    64cfc927faa7c37284aad8dd5a5730bad89b33ed

  • SHA256

    f0937a56401c28d94e8608e80c9f48d74a688797e9e030b0324094874d8a1ad8

  • SHA512

    04a61b2125f266882993c8809b6fd143a3e4e33695059b5b4419981e2840135a9d8ba7da64e8f52eef993a5cd227b4dced992f05f209a60a452a2b38d8ade695

  • SSDEEP

    1536:zJpUUCmM1MHq8lnDjgDSj+lPxZ9chmgJAxcoE+bfAmflaRg7BP0hFWbIdK7IbM3R:dp+mM1MKs949chmnu+bfja+eWabM2GN

Malware Config

Extracted

  • Family

    smokeloader

  • Botnet

    pub1

Extracted

  • Family

    smokeloader

  • Version

    2020

  • C2

    http://host-file-host6.com/

    http://host-host-file8.com/

  • rc4.i32

  • rc4.i32

Targets

    • Target

      f0937a56401c28d94e8608e80c9f48d74a688797e9e030b0324094874d8a1ad8

    • Size

      253KB

    • MD5

      d53fd15867eac795277bb9660c5add7c

    • SHA1

      64cfc927faa7c37284aad8dd5a5730bad89b33ed

    • SHA256

      f0937a56401c28d94e8608e80c9f48d74a688797e9e030b0324094874d8a1ad8

    • SHA512

      04a61b2125f266882993c8809b6fd143a3e4e33695059b5b4419981e2840135a9d8ba7da64e8f52eef993a5cd227b4dced992f05f209a60a452a2b38d8ade695

    • SSDEEP

      1536:zJpUUCmM1MHq8lnDjgDSj+lPxZ9chmgJAxcoE+bfAmflaRg7BP0hFWbIdK7IbM3R:dp+mM1MKs949chmnu+bfja+eWabM2GN

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks