General

  • Target

    besplatnyy-klyuch-dl-60KYgwB0xcFK.zip

  • Size

    9.3MB

  • Sample

    231023-l7k9lahf79

  • MD5

    0f16f2bfcbc84e5e91c96485333ae0c2

  • SHA1

    8fc607529ca98319ff4c8a758529d961e8f5142e

  • SHA256

    d747f76dac8d9defd7160471bf7bab4a64c4fb9e00067cbe8c0a21e988739639

  • SHA512

    4757105b2250a664783e734f6245ad400b58d2e5701d19015a6162d9f7ac3b05567136101d10a926cefe18db31e4cf1af24b53f1dc985cebed879ecd18b60353

  • SSDEEP

    196608:oLN+KfeEjkTrrnOVS/Uy9/9ioA2orA4t87WEvCExFBJzvukkmPBV:sE5EgXG6fgP3tWzdBpukkmH

Malware Config

Extracted

Family

smokeloader

Botnet

up4

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-file0.com/

http://file-file-file1.com/

rc4.i32

rc4.i32

Targets

    • Target

      besplatnyy-klyuch-dl-60KYgwB0xcFK.zip

    • Size

      9.3MB

    • MD5

      0f16f2bfcbc84e5e91c96485333ae0c2

    • SHA1

      8fc607529ca98319ff4c8a758529d961e8f5142e

    • SHA256

      d747f76dac8d9defd7160471bf7bab4a64c4fb9e00067cbe8c0a21e988739639

    • SHA512

      4757105b2250a664783e734f6245ad400b58d2e5701d19015a6162d9f7ac3b05567136101d10a926cefe18db31e4cf1af24b53f1dc985cebed879ecd18b60353

    • SSDEEP

      196608:oLN+KfeEjkTrrnOVS/Uy9/9ioA2orA4t87WEvCExFBJzvukkmPBV:sE5EgXG6fgP3tWzdBpukkmH

    Score

    1/10

    • Target

      PASSWORD 123.txt

    • Size

      32B

    • MD5

      74be16979710d4c4e7c6647856088456

    • SHA1

      67a74306b06d0c01624fe0d0249a570f4d093747

    • SHA256

      f215faf9d88b7f0a881632ee22459ee452a296c808d261b6cc993d3a1fd0600e

    • SHA512

      8d5891b55ccb5f5809559d62af779ae306d2f39b23e0d2508a11e8140b049f003e4004e6f5189b5513d56c1ba75074f9efba4a02b7ab92db43496f426e46075e

    Score

    1/10

    • Target

      besplatnyy-klyuch-dl-60KYgwB0xcFK.exe

    • Size

      6.8MB

    • MD5

      df8e865601ee494d4d4d72dc2cce6f94

    • SHA1

      e85c21f99017a2b9efbb6d85339ef77b8d9ac628

    • SHA256

      b321174be71f60b1d0f313709c05efc0613a0802a80c9bcf47854d5beb2e2fe5

    • SHA512

      af15c10d6ccd1cb178304f0f50aa83b14d7652298d2b64f723ca03104c1109089057b1510638ca403aa248f6a670926220df73937d6cd36f88abf1ad335fd09f

    • SSDEEP

      196608:r3meUIYnTf6WuSlVjl6Uk3zmHzEvTFa6PmmjN:r3mJiU3l6PmHwZ3+Y

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      hitpaw-voice-changer.exe

    • Size

      2.8MB

    • MD5

      05f2edb8621e49275e0029c6754b942d

    • SHA1

      f0ae6cafded1bf60c70e5050f6d2a6ad1b13d8a8

    • SHA256

      90279b02d3afb48d50d70201ae740daa2761d0d3f06fd60c4db8690d9ba586fe

    • SHA512

      d671c29d44edf247b6bead6f5a9c61fa76adb4839d8506a5b6a1faf72b97a085af13811c21555e3a08a8d9bcc3a8acc4b228cba3eedf9a2ff93fc28763e46ec9

    • SSDEEP

      49152:RBfoNtu1abLX7EzIZdMOo305WebRyyfdEGUYcz57GO00Bx0KY8D2kwU3st0sUZ:RBfBSH9Ro305WeFyyfdEHYoyGBhpD2kN

    Score

    7/10

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      out.upx

    • Size

      4.5MB

    • MD5

      5468ac16471609cfab04c9a97d6910b4

    • SHA1

      479dfbe1490a9512c1bd9fd4b52b83f7e7e0aa8a

    • SHA256

      7ce65cff1f5eb8a97df8d567bfd79b4abc2e55be407a0849e331004bc2219863

    • SHA512

      eb14796de7784b852df5711ed19e9bc241bf30702cc420219b74080f9afd22905405b4bd33f9cb331ac34ef672a9f271ffc487a4bc1acf4bf94d35094f207f2b

    • SSDEEP

      98304:gRSr8NRvhXJtZCLUPcC7VXZhBBhpD2kp3A0sU:U5LnhBBhpDr

    Score

    1/10

MITRE ATT&CK Enterprise v15

Tasks