Overview

overview

10

Static

static

3

e26b4f39f4...18.exe

windows7-x64

10

e26b4f39f4...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e26b4f39f4c64f8f9b4d1d607c1d4450_JaffaCakes118

  • Size

    338KB

  • Sample

    240406-nemcasha7x

  • MD5

    e26b4f39f4c64f8f9b4d1d607c1d4450

  • SHA1

    16d757a87e2d47938cb176465934c3f576929713

  • SHA256

    6ab7801a80f78c2586d0bd611807f3f8229300a32efc7b6793d7b2a8d1d28371

  • SHA512

    80d5ca1afcf515ad4e41e12f5bf39b2a2a58d590bd3e1f3a4814794a7a9c6da9af5a1df77e67c82f74e77f0feeb5b6731ec7d2b7772a2a019c523dc362973cc6

  • SSDEEP

    6144:/hw/KB4AbHmVbIrUgGmvmM+tAVnMPGuZSgDy:s2GtIrUsvGt2nMPGuod

Score
10/10
smokeloaderpub3backdoortrojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Extracted

Family

smokeloader

Version

2020

C2

http://gmpeople.com/upload/

http://mile48.com/upload/

http://lecanardstsornin.com/upload/

http://m3600.com/upload/

http://camasirx.com/upload/
rc4.i32
rc4.i32

Targets

    • Target

      e26b4f39f4c64f8f9b4d1d607c1d4450_JaffaCakes118

    • Size

      338KB

    • MD5

      e26b4f39f4c64f8f9b4d1d607c1d4450

    • SHA1

      16d757a87e2d47938cb176465934c3f576929713

    • SHA256

      6ab7801a80f78c2586d0bd611807f3f8229300a32efc7b6793d7b2a8d1d28371

    • SHA512

      80d5ca1afcf515ad4e41e12f5bf39b2a2a58d590bd3e1f3a4814794a7a9c6da9af5a1df77e67c82f74e77f0feeb5b6731ec7d2b7772a2a019c523dc362973cc6

    • SSDEEP

      6144:/hw/KB4AbHmVbIrUgGmvmM+tAVnMPGuZSgDy:s2GtIrUsvGt2nMPGuod

    Score
    10/10
    smokeloaderpub3backdoortrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks