General
-
Target
461f0f86f52bfa5fbed84023d0a9c8652bcbca34fea76ad0cb5bb8c503b65c9a_dump.exe
-
Size
32KB
-
Sample
240116-k3bnxsgfck
-
MD5
a24f02aa70607beea6af7963d2a51a4d
-
SHA1
fdbf0458799b50f52b231151d84c5d68f6e6da95
-
SHA256
9a77f554fbc23a4d71cbb980b5dcdef80291fa70849430a929a1e1bb9cebc2dc
-
SHA512
2d8d64931184e5d202e097157fc783ba6245b78374a1baefed1abc31a0458acc486f389447bd7cdc7ed2f38a3f91ecbced50923575233e470837790590c52222
-
SSDEEP
768:OAUqYpNSIoKpDd1KM02kQhx4hOtFceWzYqvz0bOS:HLo8LKtd1PBkQD4UtFceWnz
Malware Config
Extracted
smokeloader
up3
Extracted
smokeloader
2020
http://host-file-host6.com/
http://host-host-file8.com/
Targets
-
-
Target
461f0f86f52bfa5fbed84023d0a9c8652bcbca34fea76ad0cb5bb8c503b65c9a_dump.exe
-
Size
32KB
-
MD5
a24f02aa70607beea6af7963d2a51a4d
-
SHA1
fdbf0458799b50f52b231151d84c5d68f6e6da95
-
SHA256
9a77f554fbc23a4d71cbb980b5dcdef80291fa70849430a929a1e1bb9cebc2dc
-
SHA512
2d8d64931184e5d202e097157fc783ba6245b78374a1baefed1abc31a0458acc486f389447bd7cdc7ed2f38a3f91ecbced50923575233e470837790590c52222
-
SSDEEP
768:OAUqYpNSIoKpDd1KM02kQhx4hOtFceWzYqvz0bOS:HLo8LKtd1PBkQD4UtFceWnz
Score10/10-
BetaBot
Beta Bot is a Trojan that infects computers and disables Antivirus.
-
Modifies firewall policy service
-
Modifies security service
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Disables taskbar notifications via registry modification
-
Disables use of System Restore points
-
Sets file execution options in registry
-
Sets service image path in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks for any installed AV software in registry
-
Checks whether UAC is enabled
-
Drops desktop.ini file(s)
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
2Windows Service
2Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
3Scheduled Task/Job
1Privilege Escalation
Create or Modify System Process
2Windows Service
2Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
3Scheduled Task/Job
1