General

  • Target

    096a80f93b8a991eec4124491530551f_JaffaCakes118

  • Size

    48KB

  • Sample

    240328-s3g5psag44

  • MD5

    096a80f93b8a991eec4124491530551f

  • SHA1

    d79a68e8414ed0992a9257928d54b206fff438ac

  • SHA256

    f25f0bd0bcb71b27b5e0d2155bccd4fb8f3ae68e70cbc6ab0d19185bfcd986cf

  • SHA512

    bcf8d540bb794651be2d648932093368105a50eb7a8e6b5f4939b68654d488f274c7ef57fe0e7d56088ae83a58892de225e07e7bde4d62a672f393b2e7a168c6

  • SSDEEP

    768:6xle5XfjdN7/L6xfj4a3WxSLM6guqedH+:1dEfj4awSLM/ydH+

Malware Config

Extracted

Family

smokeloader

Version

2017

C2

http://aspmailcenter.com/www/

Targets

    • Target

      096a80f93b8a991eec4124491530551f_JaffaCakes118

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.
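The report's extracted config and file hashes are the indicators a responder will actually pivot on. The script below is an added example, not part of the sandbox report or any vendor tooling: it takes the hashes and C2 URL listed above, checks whether a local file is this exact sample, and scans proxy-style log lines for traffic to the C2. The log lines are constructed for the demo; the matching is deliberately split into an exact host-plus-path hit and a weaker host-only hit, because a hit on the same host but a different path still deserves a look.

```python
"""Pivot on the IOCs from this SmokeLoader report.

Added example, not code from the report. Hashes and the C2 URL are copied
from the report; SAMPLE_PROXY_LOG is constructed for illustration only.
"""
import hashlib
from urllib.parse import urlsplit

# File hashes published in the report (sample 240328-s3g5psag44).
REPORT_HASHES = {
    "md5": "096a80f93b8a991eec4124491530551f",
    "sha1": "d79a68e8414ed0992a9257928d54b206fff438ac",
    "sha256": "f25f0bd0bcb71b27b5e0d2155bccd4fb8f3ae68e70cbc6ab0d19185bfcd986cf",
    "sha512": "bcf8d540bb794651be2d648932093368105a50eb7a8e6b5f4939b68654d488f2"
              "74c7ef57fe0e7d56088ae83a58892de225e07e7bde4d62a672f393b2e7a168c6",
}

# C2 from the extracted malware config.
C2_URL = "http://aspmailcenter.com/www/"

# Constructed proxy log lines (not real traffic): "<time> <client> <method> <url> <status> <bytes>".
SAMPLE_PROXY_LOG = [
    "2024-03-28T10:01:12Z 10.0.0.21 POST http://aspmailcenter.com/www/ 200 512",
    "2024-03-28T10:01:15Z 10.0.0.21 GET http://ASPMAILCENTER.COM/www/index.php 200 1024",
    "2024-03-28T10:02:01Z 10.0.0.33 GET https://example.org/updates 200 2048",
    "2024-03-28T10:02:40Z 10.0.0.21 GET http://aspmailcenter.com/other/ 404 0",
]


def hash_bytes(data: bytes) -> dict:
    """Compute the same four digests the report publishes, as lowercase hex."""
    return {
        algo: hashlib.new(algo, data).hexdigest()
        for algo in ("md5", "sha1", "sha256", "sha512")
    }


def matches_report(data: bytes) -> dict:
    """Per-algorithm comparison against the report; all four should agree for a true match."""
    computed = hash_bytes(data)
    return {algo: computed[algo] == digest for algo, digest in REPORT_HASHES.items()}


def is_report_sample(path: str) -> bool:
    """True only if every published digest matches the file on disk."""
    with open(path, "rb") as fh:
        return all(matches_report(fh.read()).values())


def match_c2(log_lines, c2_url: str = C2_URL) -> list:
    """Return (line, reason) pairs for lines carrying a URL on the C2 host.

    reason is "host+path" when the request path starts with the C2 path,
    otherwise "host only". Host comparison is case-insensitive; paths are not.
    """
    c2 = urlsplit(c2_url)
    hits = []
    for line in log_lines:
        for token in line.split():
            if "://" not in token:
                continue
            url = urlsplit(token)
            if not url.hostname or url.hostname.lower() != c2.hostname.lower():
                continue
            reason = "host+path" if url.path.startswith(c2.path) else "host only"
            hits.append((line, reason))
            break
    return hits


if __name__ == "__main__":
    for line, reason in match_c2(SAMPLE_PROXY_LOG):
        print(f"[{reason}] {line}")
```

The hash check is the cheap way to confirm that a file pulled from an endpoint is this exact sample rather than another SmokeLoader build; a differing hash with the same C2 host is the more common case in practice, which is why the log matcher keys on the host and only grades the path.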

MITRE ATT&CK Enterprise v15

Tasks