Overview

overview

10

Static

static

3

0d1df0c512...18.exe

windows7-x64

10

0d1df0c512...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0d1df0c512168a50a1aa3cb6199f3d97_JaffaCakes118

  • Size

    175KB

  • Sample

    240328-xbsvcadc6s

  • MD5

    0d1df0c512168a50a1aa3cb6199f3d97

  • SHA1

    dfe3e2c48394cdac0fae27e25e2ba6057cfee221

  • SHA256

    6ce593e9aa59ebf1c4e6763b626669a4d24a32dc1183b85c6586c8d949a9e024

  • SHA512

    7697a33447cca12e472e06c76c5e1a10d6d6418fa242c341ecff418b808d32e16048b9761220bb481d6db3ab47c4b009fcdaf7365e4d6e5408980c3070901b4b

  • SSDEEP

    3072:E12oDavr+iKwO9PWKU93JbZf1EoS9D98aShyuyJREy3E:PoDaT+iKwOtWbBJPEVx98aCmeOE

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://linavanandr11.club/

http://iselaharty12.club/

http://giovaninardo13.club/

http://zayneliann14.club/

http://zorinosali15.club/
rc4.i32
rc4.i32

Targets

    • Target

      0d1df0c512168a50a1aa3cb6199f3d97_JaffaCakes118

    • Size

      175KB

    • MD5

      0d1df0c512168a50a1aa3cb6199f3d97

    • SHA1

      dfe3e2c48394cdac0fae27e25e2ba6057cfee221

    • SHA256

      6ce593e9aa59ebf1c4e6763b626669a4d24a32dc1183b85c6586c8d949a9e024

    • SHA512

      7697a33447cca12e472e06c76c5e1a10d6d6418fa242c341ecff418b808d32e16048b9761220bb481d6db3ab47c4b009fcdaf7365e4d6e5408980c3070901b4b

    • SSDEEP

      3072:E12oDavr+iKwO9PWKU93JbZf1EoS9D98aShyuyJREy3E:PoDaT+iKwOtWbBJPEVx98aCmeOE

    Score
    10/10
    smokeloaderbackdoortrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks