Analysis

max time kernel: 150s
max time network: 121s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 06-03-2024 20:21
Static task: static1

Behavioral task: behavioral1
  Sample: b77fea1068099706f3f5d74f346ba334.exe
  Resource: win7-20240221-en

Behavioral task: behavioral2
  Sample: b77fea1068099706f3f5d74f346ba334.exe
  Resource: win10v2004-20240226-en
General

Target: b77fea1068099706f3f5d74f346ba334.exe
Size: 217KB
MD5: b77fea1068099706f3f5d74f346ba334
SHA1: 58c57f48c3a9338ced4b3cd174b191a9e38ed7c6
SHA256: 62c4f92778d0bd5831fad52da33914cd561ecefb6f5853925dc989bce3ffa3c9
SHA512: eb36d0dcc386c88d91679fbf9541a5b6d777eeea709f016921ae863e0c7fd0f0150c50451f7180cfe9ef8e1eb4b6718851449b024a444de8a431b7e7dfeff296
SSDEEP: 3072:7HzizXmEwgIMjnOL0J7bdTVnCm5W3O7YWnQdnCNeoBNTfC8IU:SwgIf4J3Z0p3xWWCIwY8
Malware Config

Extracted: smokeloader
  pub1

Extracted: smokeloader
  2020
  http://aucmoney.com/upload/
  http://thegymmum.com/upload/
  http://atvcampingtrips.com/upload/
  http://kuapakualaman.com/upload/
  http://renatazarazua.com/upload/
  http://nasufmutlu.com/upload/
Signatures

SmokeLoader
Modular backdoor trojan in use since 2014.

Deletes itself 1 IoCs
pid   Process
1176  Process not Found

Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description     ioc                                               Process
Key enumerated  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI  b77fea1068099706f3f5d74f346ba334.exe
Key opened      \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI  b77fea1068099706f3f5d74f346ba334.exe
Key queried     \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI  b77fea1068099706f3f5d74f346ba334.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs
pid   Process
1932  b77fea1068099706f3f5d74f346ba334.exe  (2 entries)
1176  Process not Found                     (62 entries)

Suspicious behavior: MapViewOfSection 1 IoCs
pid   Process
1932  b77fea1068099706f3f5d74f346ba334.exe