General

  • Target: a1849d53e0465775a5358c4b3628b34246aedc4f56f3a1a8846fd09987e6530d
  • Size: 162KB
  • Sample: 240417-qsaxjabb6s
  • MD5: c2094380c427f34ba0cbe8c92569f8de
  • SHA1: f9f81b84aa862e4140d7e543aed06de62e080965
  • SHA256: a1849d53e0465775a5358c4b3628b34246aedc4f56f3a1a8846fd09987e6530d
  • SHA512: 3aaa08f1fbe792d2a0bc1bf92a932d2054140d528f5035a1b14361cdbb8b37755e0e29bdbecb489e37ca13263c86a485719dbacf3776cf47438810f9b6b1d1a0
  • SSDEEP: 3072:8yirGuA3/aJbkfVQdSxODxu2+gAp2AG3ETcPEz+/67A1bXGdLz0GrvT8:8yNuA3/aJbkm+ODx9+1FIETcDSgX+LzI

Malware Config

Extracted

  • Family: smokeloader
  • Botnet: pub1

Extracted

  • Family: smokeloader
  • Version: 2022
  • C2:
    http://trad-einmyus.com/index.php
    http://tradein-myus.com/index.php
    http://trade-inmyus.com/index.php
  • rc4.i32
  • rc4.i32

Targets

    • Target: 7e58fdd635ef291b98c8c9e6c317fc4f6699dfb8580d95159fdb8f39e9ba9ea6.exe
    • Size: 316KB
    • MD5: f2d1f4ec91d65ce95ad734b10664fd68
    • SHA1: 6a591a37f17176253e935bcf8579ef76cd33bb7b
    • SHA256: 7e58fdd635ef291b98c8c9e6c317fc4f6699dfb8580d95159fdb8f39e9ba9ea6
    • SHA512: 61908553faf34027b425fdba0d124f4cbff64b1da1bd38d35442832862732f9aced06ae238228c9354b47754e793ca96d9c028f8fe3fa3981682bd64365debea
    • SSDEEP: 3072:X40QDLSbEWxyl+ccK+EXqLIUJ0qDia75STUMA6i7b241oj76d:UkclZq7JbDiJQ5i

    • SmokeLoader: Modular backdoor trojan in use since 2014.
    • Downloads MZ/PE file
    • Modifies Installed Components in the registry
    • Deletes itself
    • Executes dropped EXE
    • VMProtect packed file: Detects executables packed with the VMProtect commercial packer.
    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks