smokeloader | 2764ea00269a63ca9cf17f92d749a5b6babe6caee12466d90ec44ed5a7450541

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17-04-2024 12:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bb5a089a3b7524293144b6d235babdc8af566cc6d54217b88130566c8e647e4e.exe
Size

763KB
MD5

65180cf1054b95d9171772202b4b520a
SHA1

d5a0a4b342cd785d5e01546fadd26834cd8b9168
SHA256

bb5a089a3b7524293144b6d235babdc8af566cc6d54217b88130566c8e647e4e
SHA512

df9deca3a89f1dbde1cb952ebc4834a3123efc09f59ccdfc1a72115f03c5fde24de83f69adab71b0b5064c43b27d6f9f53076f14d83f56f249779e28b9cda5ed
SSDEEP

12288:Ngv/glM5bRppJ52h22uc1IwQQewLpHOkAMRF5UotqJsp8tHEUK6Lh77uSmM0hPL:qnKKRppJ52h2Tc1IwQQewluq3qw8tsay

Score

10^/10

smokeloader pub3 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Signatures

SmokeLoader
Modular backdoor trojan in use since 2014.
trojan backdoor smokeloader

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

bb5a089a3b7524293144b6d235babdc8af566cc6d54217b88130566c8e647e4e.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	bb5a089a3b7524293144b6d235babdc8af566cc6d54217b88130566c8e647e4e.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	bb5a089a3b7524293144b6d235babdc8af566cc6d54217b88130566c8e647e4e.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	bb5a089a3b7524293144b6d235babdc8af566cc6d54217b88130566c8e647e4e.exe

C:\Users\Admin\AppData\Local\Temp\bb5a089a3b7524293144b6d235babdc8af566cc6d54217b88130566c8e647e4e.exe
"C:\Users\Admin\AppData\Local\Temp\bb5a089a3b7524293144b6d235babdc8af566cc6d54217b88130566c8e647e4e.exe"
1⤵
- Checks SCSI registry key(s)
PID:1800

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1800-0-0x0000000000520000-0x000000000052B000-memory.dmp

Filesize
44KB

Download
memory/1800-1-0x0000000000520000-0x000000000052B000-memory.dmp

Filesize
44KB

Download