General

  • Target

    5dd895076ae040aa0668382cf16bd3536bc36819d247adb56e2de7d6afbbda5e

  • Size

    221KB

  • Sample

    231102-ffvfashg47

  • MD5

    6a5328207dfc2885b6976339c6df2f36

  • SHA1

    119bda84754b0b13d63a668d5e29b8e1d09ba8eb

  • SHA256

    5dd895076ae040aa0668382cf16bd3536bc36819d247adb56e2de7d6afbbda5e

  • SHA512

    c489767e5cd1b6d07fa0328d8bfb0cefe0c299f6c8b482340c97d357cd6b8b8fbd7c5446096ebe3d646106eac927df18c0d3790b51ab216259452762bd46c2e0

  • SSDEEP

    6144:Kos7DjeAarEIZeHJPlTGB5Po2clXxy0mmLEw:kDqAarEI0H7go2c2V6Ew

Malware Config

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32
rc4.i32
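The extracted config above gives two C2 URLs, and the General section gives the sample's hashes. The following Python is an added example, not part of the sandbox report and not the malware's code, that turns those fields into a matcher for host telemetry: it checks that each hash is well-formed for its algorithm, normalises the C2 URLs to the hostnames a DNS or proxy log would record, and flags lookups of those hosts. The hash and URL values are copied from the report; the DNS log lines, workstation names and timestamps are constructed for the demonstration.

```python
"""Build host-telemetry matchers from the sandbox report's hashes and C2 list.

Added example, not part of the sandbox report. Hash and C2 values are copied
from the report; the DNS log below is constructed for the demonstration.
"""
import hashlib
import re
from urllib.parse import urlparse

# Values copied from the report's General section.
REPORT_HASHES = {
    "md5": "6a5328207dfc2885b6976339c6df2f36",
    "sha1": "119bda84754b0b13d63a668d5e29b8e1d09ba8eb",
    "sha256": "5dd895076ae040aa0668382cf16bd3536bc36819d247adb56e2de7d6afbbda5e",
    "sha512": "c489767e5cd1b6d07fa0328d8bfb0cefe0c299f6c8b482340c97d357cd6b8b8f"
              "bd7c5446096ebe3d646106eac927df18c0d3790b51ab216259452762bd46c2e0",
}

# Values copied from the report's extracted SmokeLoader config.
REPORT_C2 = [
    "http://host-file-host6.com/",
    "http://host-host-file8.com/",
]

# Expected hex-digest length per algorithm.
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def validate_hashes(hashes):
    """Return the names of hash fields that are not lowercase hex of the right length."""
    bad = []
    for name, value in hashes.items():
        if not re.fullmatch(r"[0-9a-f]{%d}" % HEX_LEN[name], value):
            bad.append(name)
    return bad


def c2_hosts(urls):
    """Normalise C2 URLs to the lowercase hostnames seen in DNS/proxy logs."""
    return {urlparse(u).hostname.lower() for u in urls}


def hash_file_bytes(data):
    """Compute every digest the report lists, so a local file can be compared to it."""
    return {name: getattr(hashlib, name)(data).hexdigest() for name in HEX_LEN}


def matches_report(data, hashes=REPORT_HASHES):
    """True only if data reproduces the report's digest under every listed algorithm."""
    computed = hash_file_bytes(data)
    return all(computed[name] == hashes[name] for name in hashes)


# Constructed DNS resolver log: "<timestamp> <client> query <type> <qname> <rcode>".
# Hostnames other than the report's C2 hosts are placeholders.
DNS_LOG = """\
2023-11-02T13:10:01Z ws-042 query A www.example.com NOERROR
2023-11-02T13:10:07Z ws-042 query A host-file-host6.com NXDOMAIN
2023-11-02T13:10:08Z ws-042 query A HOST-HOST-FILE8.COM. NXDOMAIN
2023-11-02T13:11:15Z ws-017 query A updates.example.net NOERROR
"""


def find_c2_lookups(log_text, urls=REPORT_C2):
    """Return (timestamp, client, qname) for each query of a C2 host or a subdomain of one.

    The response code is ignored on purpose: a client asking for the C2 name is
    the signal, whether or not the domain still resolves.
    """
    hosts = c2_hosts(urls)
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[2] != "query":
            continue
        qname = parts[4].lower().rstrip(".")
        if qname in hosts or any(qname.endswith("." + h) for h in hosts):
            hits.append((parts[0], parts[1], qname))
    return hits


if __name__ == "__main__":
    print("malformed hash fields:", validate_hashes(REPORT_HASHES))
    print("C2 hosts:", sorted(c2_hosts(REPORT_C2)))
    for hit in find_c2_lookups(DNS_LOG):
        print("C2 lookup:", *hit)
```

The matcher compares hostnames, not full URLs, because the path on these C2 URLs is just `/` and resolver logs never carry it; matching on the hostname also catches lookups of subdomains of the same C2 domain. Case is folded and a trailing dot stripped before comparison, since resolvers differ in how they record query names.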

Targets

    • Target

      5dd895076ae040aa0668382cf16bd3536bc36819d247adb56e2de7d6afbbda5e

    • Size

      221KB

    • MD5

      6a5328207dfc2885b6976339c6df2f36

    • SHA1

      119bda84754b0b13d63a668d5e29b8e1d09ba8eb

    • SHA256

      5dd895076ae040aa0668382cf16bd3536bc36819d247adb56e2de7d6afbbda5e

    • SHA512

      c489767e5cd1b6d07fa0328d8bfb0cefe0c299f6c8b482340c97d357cd6b8b8fbd7c5446096ebe3d646106eac927df18c0d3790b51ab216259452762bd46c2e0

    • SSDEEP

      6144:Kos7DjeAarEIZeHJPlTGB5Po2clXxy0mmLEw:kDqAarEI0H7go2c2V6Ew

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

      The sample removed its own executable from disk after running, leaving no file to collect at the original path.

    • Executes dropped EXE

      A file written to disk during the run was launched as a new process; the dropped file, not the original sample, carries the later stages.

    • Suspicious use of SetThreadContext

      Setting the context of a thread in another process is the step that redirects execution in process hollowing and similar thread-hijack injection.

MITRE ATT&CK Enterprise v15

Tasks