General

  • Target

    97ae3ada3c215af01794bfd8e1640effc5ad19cc3307178267a4d6d072f6d55f

  • Size

    288KB

  • Sample

    231127-fmey7aed7v

  • MD5

    00d98163632e375528a86592695e055b

  • SHA1

    a8de9da544ec6497afa17789ff35ce70d9b5ff5f

  • SHA256

    97ae3ada3c215af01794bfd8e1640effc5ad19cc3307178267a4d6d072f6d55f

  • SHA512

    2e9a55aaefaa8960cc874f018805154f0081213634053b30e697022d2762f25afa6d73d973a9ecd9a80ffdfc520f01aa1539c4db44aa7a0819eb9e93ddc68c77

  • SSDEEP

    3072:f31ljgDLVr7lYnx3ODF8PPpjJKhRb7a2Q5mggPo+5kVyBk3eFx/RiPB:d5gDplYnRMF2pjYhRb22xgC+

Malware Config

  Extracted

    • Family

      smokeloader

    • Botnet

      pub1

  Extracted

    • Family

      smokeloader

    • Version

      2020

    • C2

      http://host-file-host6.com/

      http://host-host-file8.com/

    • rc4.i32

    • rc4.i32

Targets

    • Target

      97ae3ada3c215af01794bfd8e1640effc5ad19cc3307178267a4d6d072f6d55f

    • Size

      288KB

    • MD5

      00d98163632e375528a86592695e055b

    • SHA1

      a8de9da544ec6497afa17789ff35ce70d9b5ff5f

    • SHA256

      97ae3ada3c215af01794bfd8e1640effc5ad19cc3307178267a4d6d072f6d55f

    • SHA512

      2e9a55aaefaa8960cc874f018805154f0081213634053b30e697022d2762f25afa6d73d973a9ecd9a80ffdfc520f01aa1539c4db44aa7a0819eb9e93ddc68c77

    • SSDEEP

      3072:f31ljgDLVr7lYnx3ODF8PPpjJKhRb7a2Q5mggPo+5kVyBk3eFx/RiPB:d5gDplYnRMF2pjYhRb22xgC+

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks