General
-
Target
f435f735e51f5a3f46e9a75bfe76a7c6
-
Size
379KB
-
Sample
231220-vsvn6afec7
-
MD5
f435f735e51f5a3f46e9a75bfe76a7c6
-
SHA1
78eca1b95b996b1b7ba1b0d662180d4445d2e64d
-
SHA256
82e6501851b0556369119bae3756da346aaec750740da806a13ea9c3f6f27d6f
-
SHA512
d13ba131b5c3ca11543f4b255e4bbda9927c650c2c033e325bc6a20eabf4271c0bbf32b75bb125df69208688352a5e99f3bce5aa0306c4c3811c6b35f0d8e39f
-
SSDEEP
6144:yy35/ujgXR8qGfU6RJu1CQB2PFh3hpHlTkZVHWvzLrXR2jUHJ8T1Z:yq54gX2Fs6RJuIc2dh3hpHlTkZVOzfXN
Malware Config
Extracted
smokeloader
pub5
Extracted
smokeloader
2020
http://gmpeople.com/upload/
http://mile48.com/upload/
http://lecanardstsornin.com/upload/
http://m3600.com/upload/
http://camasirx.com/upload/
Targets
-
-
Target
f435f735e51f5a3f46e9a75bfe76a7c6
-
Size
379KB
-
MD5
f435f735e51f5a3f46e9a75bfe76a7c6
-
SHA1
78eca1b95b996b1b7ba1b0d662180d4445d2e64d
-
SHA256
82e6501851b0556369119bae3756da346aaec750740da806a13ea9c3f6f27d6f
-
SHA512
d13ba131b5c3ca11543f4b255e4bbda9927c650c2c033e325bc6a20eabf4271c0bbf32b75bb125df69208688352a5e99f3bce5aa0306c4c3811c6b35f0d8e39f
-
SSDEEP
6144:yy35/ujgXR8qGfU6RJu1CQB2PFh3hpHlTkZVHWvzLrXR2jUHJ8T1Z:yq54gX2Fs6RJuIc2dh3hpHlTkZVOzfXN
Score10/10-
BetaBot
Beta Bot is a Trojan that infects computers and disables Antivirus.
-
Modifies firewall policy service
-
Modifies security service
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Disables taskbar notifications via registry modification
-
Disables use of System Restore points
-
Sets file execution options in registry
-
Sets service image path in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks for any installed AV software in registry
-
Checks whether UAC is enabled
-
Drops desktop.ini file(s)
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
2Windows Service
2Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
3Scheduled Task/Job
1Privilege Escalation
Create or Modify System Process
2Windows Service
2Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
3Scheduled Task/Job
1