Overview

overview

10

Static

static

3

644eb593c5...18.exe

windows7-x64

10

644eb593c5...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    644eb593c582c716587d69acd23b3982_JaffaCakes118

  • Size

    375KB

  • Sample

    240401-b7kmysae57

  • MD5

    644eb593c582c716587d69acd23b3982

  • SHA1

    cf575ca1b8c607825f3fa6ffdfeaace315b0fabe

  • SHA256

    249b11975db6b600f118671ff5d6bf528d3af34ab137faee493831b1ba49e6b8

  • SHA512

    f7bb893d00593d40d61d029b8cbe3b0b588a5dd33c04c1dbf6e28c765e226f630584dc67c72a37eb31023c2494e96846d2cf0227fbef9dc7e78b5a1d4e1b07a2

  • SSDEEP

    6144:psGV7bNSqVplixvXvIRI8psKN7k/afOlJs6umAkT:p/RVDixvIpsx/af0pAI

Score
10/10
smokeloaderpub3backdoortrojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Extracted

Family

smokeloader

Version

2020

C2

http://bostoc.com/upload/

http://qianyoupj.cn/upload/

http://sleoppen.com/upload/

http://stempelbeton.at/upload/
rc4.i32
rc4.i32

Targets

    • Target

      644eb593c582c716587d69acd23b3982_JaffaCakes118

    • Size

      375KB

    • MD5

      644eb593c582c716587d69acd23b3982

    • SHA1

      cf575ca1b8c607825f3fa6ffdfeaace315b0fabe

    • SHA256

      249b11975db6b600f118671ff5d6bf528d3af34ab137faee493831b1ba49e6b8

    • SHA512

      f7bb893d00593d40d61d029b8cbe3b0b588a5dd33c04c1dbf6e28c765e226f630584dc67c72a37eb31023c2494e96846d2cf0227fbef9dc7e78b5a1d4e1b07a2

    • SSDEEP

      6144:psGV7bNSqVplixvXvIRI8psKN7k/afOlJs6umAkT:p/RVDixvIpsx/af0pAI

    Score
    10/10
    smokeloaderpub3backdoortrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks