Overview

overview

10

Static

static

3

a78b39de8c...10.exe

windows7-x64

10

a78b39de8c...10.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    441ff24e4122979c5dd3c6f426f8e8d7066a712598f462376d9dbe2bfe9b16bf

  • Size

    132KB

  • Sample

    240417-p3j3hsfh55

  • MD5

    9d606f278d4bac5c2c9aad86c9b77e6a

  • SHA1

    8f18ffd012297853c13ed10215da0e702c9902be

  • SHA256

    441ff24e4122979c5dd3c6f426f8e8d7066a712598f462376d9dbe2bfe9b16bf

  • SHA512

    98c5bb81bd9c5d8d5cdbc2358c9b1fe228078cdcf5826dd18c9a1c7ccb90b56a8aa12605810cd495158a9d21cba625674b95cd136eb76cfb003ecb13b16440a6

  • SSDEEP

    3072:5OgOsJvc1j0678ck3sKya3LWK+9M7l5uW:AgOsi1w6763+a3Fhh

Score
10/10
smokeloaderpub1backdoorpersistencetrojanvmprotect

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://trad-einmyus.com/index.php

http://tradein-myus.com/index.php

http://trade-inmyus.com/index.php
rc4.i32
rc4.i32

Targets

    • Target

      a78b39de8c05456e93a88136f9caaee35e9b5149acf072acd3214b28293c7910.exe

    • Size

      290KB

    • MD5

      e478a6638150036e4009beb1530187bb

    • SHA1

      6c49c874ba692a84f8ebd46c2cdab07aca026ce4

    • SHA256

      a78b39de8c05456e93a88136f9caaee35e9b5149acf072acd3214b28293c7910

    • SHA512

      35c7b708dc696c20510d4c978d0a5591ec9dc4953c0dffb2b02e9e033dc8d4d9bc65b9d900daaa8550ede92a6dfc344f4da4f4460febcaabc69d06add70cfb36

    • SSDEEP

      3072:UftVMmPJYH+9YwY3ltaFyz3fsA23+tqB+tad0xEVKZ6OKKs6vg33qN:U3dRYH+9YqFc3kA23+QwtwyEcNPg33q

    Score
    10/10
    smokeloaderpub1backdoorpersistencetrojanvmprotect

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Downloads MZ/PE file

    • Modifies Installed Components in the registry

      persistence

    • Deletes itself

    • Executes dropped EXE

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks