Overview

overview

10

Static

static

3

2adf458136...26.exe

windows7-x64

10

2adf458136...26.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    2adf4581364c32549d7b32826b88d7b7408214e91deee492ef3bdd846a42f526.exe

  • Size

    311KB

  • Sample

    240111-yvmm4sfcep

  • MD5

    5fb837c05b92590f5e23e89eff60d6a1

  • SHA1

    93595e218d3664d92055d60ef1753141e4fd053d

  • SHA256

    2adf4581364c32549d7b32826b88d7b7408214e91deee492ef3bdd846a42f526

  • SHA512

    2813c7643d984f3479bc83ebe04d92dcf285640e26e9cc60a9d742a193af4651bdfa43f595fdaee7f91c2b6c15147aec04eda876edf6cf3325fa52addf316346

  • SSDEEP

    3072:U8EGKLRYmuaZn29+DCxz+JwMom5WG5sKI36Fwj0:UljLRXuaZnIVMr6737

Score
10/10
smokeloadervidarzgratbackdoorratstealertrojan

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://selebration17io.io/index.php

http://vacantion18ffeu.cc/index.php

http://valarioulinity1.net/index.php

http://buriatiarutuhuob.net/index.php

http://cassiosssionunu.me/index.php

http://sulugilioiu19.net/index.php

http://goodfooggooftool.net/index.php
rc4.i32
rc4.i32

Targets

    • Target

      2adf4581364c32549d7b32826b88d7b7408214e91deee492ef3bdd846a42f526.exe

    • Size

      311KB

    • MD5

      5fb837c05b92590f5e23e89eff60d6a1

    • SHA1

      93595e218d3664d92055d60ef1753141e4fd053d

    • SHA256

      2adf4581364c32549d7b32826b88d7b7408214e91deee492ef3bdd846a42f526

    • SHA512

      2813c7643d984f3479bc83ebe04d92dcf285640e26e9cc60a9d742a193af4651bdfa43f595fdaee7f91c2b6c15147aec04eda876edf6cf3325fa52addf316346

    • SSDEEP

      3072:U8EGKLRYmuaZn29+DCxz+JwMom5WG5sKI36Fwj0:UljLRXuaZnIVMr6737

    Score
    10/10
    smokeloaderbackdoortrojanvidarzgratratstealer

    • Detect Vidar Stealer

      stealer

    • Detect ZGRat V1

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Downloads MZ/PE file

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks