Overview

overview

10

Static

static

3

60484122de...a3.exe

windows7-x64

10

60484122de...a3.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    60484122deb7118ae2cfc580d770dd9740eb1fdb190d1761fc662c562be26da3

  • Size

    195KB

  • Sample

    231014-a971lagf2v

  • MD5

    7ce4d9e4ba6da50a7d827a847a14fe90

  • SHA1

    63f9801c2d21a35c2c69ae3b6f51d974791db524

  • SHA256

    60484122deb7118ae2cfc580d770dd9740eb1fdb190d1761fc662c562be26da3

  • SHA512

    697c3189e14dc9d3fd4c379f91f5f4a06b0b511440eec9b481b8698f013d9121e35784c657aca34ae17cd0d61ce91a6e3314548d8385f63914f8fcfc2bad2b07

  • SSDEEP

    6144:/v6L6DG6wznVu+A2NL761m7E3HquCTV4:H6mDG6yPA2NLu1Tauya

Score
10/10
smokeloaderpub1backdoortrojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/
rc4.i32
rc4.i32

Targets

    • Target

      60484122deb7118ae2cfc580d770dd9740eb1fdb190d1761fc662c562be26da3

    • Size

      195KB

    • MD5

      7ce4d9e4ba6da50a7d827a847a14fe90

    • SHA1

      63f9801c2d21a35c2c69ae3b6f51d974791db524

    • SHA256

      60484122deb7118ae2cfc580d770dd9740eb1fdb190d1761fc662c562be26da3

    • SHA512

      697c3189e14dc9d3fd4c379f91f5f4a06b0b511440eec9b481b8698f013d9121e35784c657aca34ae17cd0d61ce91a6e3314548d8385f63914f8fcfc2bad2b07

    • SSDEEP

      6144:/v6L6DG6wznVu+A2NL761m7E3HquCTV4:H6mDG6yPA2NLu1Tauya

    Score
    10/10
    smokeloaderpub1backdoortrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks