Overview

overview

10

Static

static

3

4adf9c8932...18.exe

windows7-x64

10

4adf9c8932...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4adf9c89320348237cc3921c19eb2cc7_JaffaCakes118

  • Size

    310KB

  • Sample

    240331-c3xx6acg52

  • MD5

    4adf9c89320348237cc3921c19eb2cc7

  • SHA1

    90d66f6c09d3c7d5b8ddfcba3692869e25d55f29

  • SHA256

    85a36b790bf6afe574fe90bc06e56c1a5b0380d987026d2cd7c75f795a8de73c

  • SHA512

    9b6423db973f2c05b9bc5a3c9b2bf37e1b9f2b60fb4e497b255054084d7b5eb8c906ae0c0c4d4d347ad5a94de3acf9a037ba739f4bf01049dab94f23c629ffd6

  • SSDEEP

    6144:48yB2vLLlTsypGIjvfqKdpaZbPSC4CsIOv36fA7:4RBINsysIjnnpaZWPCsI0cA7

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://honawey7.top/

http://wijibui0.top/

http://hefahei6.top/

http://pipevai4.top/

http://nalirou7.top/
rc4.i32
rc4.i32

Targets

    • Target

      4adf9c89320348237cc3921c19eb2cc7_JaffaCakes118

    • Size

      310KB

    • MD5

      4adf9c89320348237cc3921c19eb2cc7

    • SHA1

      90d66f6c09d3c7d5b8ddfcba3692869e25d55f29

    • SHA256

      85a36b790bf6afe574fe90bc06e56c1a5b0380d987026d2cd7c75f795a8de73c

    • SHA512

      9b6423db973f2c05b9bc5a3c9b2bf37e1b9f2b60fb4e497b255054084d7b5eb8c906ae0c0c4d4d347ad5a94de3acf9a037ba739f4bf01049dab94f23c629ffd6

    • SSDEEP

      6144:48yB2vLLlTsypGIjvfqKdpaZbPSC4CsIOv36fA7:4RBINsysIjnnpaZWPCsI0cA7

    Score
    10/10
    smokeloaderbackdoortrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks