Analysis
max time kernel: 150s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 17-04-2024 12:50
Static task: static1
Behavioral task: behavioral1
  Sample: bb5a089a3b7524293144b6d235babdc8af566cc6d54217b88130566c8e647e4e.exe
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: bb5a089a3b7524293144b6d235babdc8af566cc6d54217b88130566c8e647e4e.exe
  Resource: win10v2004-20240412-en
General
Target: bb5a089a3b7524293144b6d235babdc8af566cc6d54217b88130566c8e647e4e.exe
Size: 763KB
MD5: 65180cf1054b95d9171772202b4b520a
SHA1: d5a0a4b342cd785d5e01546fadd26834cd8b9168
SHA256: bb5a089a3b7524293144b6d235babdc8af566cc6d54217b88130566c8e647e4e
SHA512: df9deca3a89f1dbde1cb952ebc4834a3123efc09f59ccdfc1a72115f03c5fde24de83f69adab71b0b5064c43b27d6f9f53076f14d83f56f249779e28b9cda5ed
SSDEEP: 12288:Ngv/glM5bRppJ52h22uc1IwQQewLpHOkAMRF5UotqJsp8tHEUK6Lh77uSmM0hPL:qnKKRppJ52h2Tc1IwQQewluq3qw8tsay
Malware Config
Extracted: smokeloader (pub3)
Signatures
SmokeLoader
  Modular backdoor trojan in use since 2014.
Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
  SCSI information is often read in order to detect sandboxing environments.
  Processes:
    description     ioc                                               process
    Key opened      \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI  bb5a089a3b7524293144b6d235babdc8af566cc6d54217b88130566c8e647e4e.exe
    Key queried     \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI  bb5a089a3b7524293144b6d235babdc8af566cc6d54217b88130566c8e647e4e.exe
    Key enumerated  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI  bb5a089a3b7524293144b6d235babdc8af566cc6d54217b88130566c8e647e4e.exe