Overview

overview

10

Static

static

3

cedd6842dc...8b.exe

windows7-x64

10

cedd6842dc...8b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6080b64c76f77256cd15adad98e5fc85869586e069fccdb9d1477476acdb310b

  • Size

    151KB

  • Sample

    240417-sa2zeadb48

  • MD5

    0a08e8a8f1add68cf51e9bc153218cee

  • SHA1

    d4237d7da204ed392316665b18617c87d2364698

  • SHA256

    6080b64c76f77256cd15adad98e5fc85869586e069fccdb9d1477476acdb310b

  • SHA512

    64e693535175189447efcd33515a72cd3afaf67e533e2038ff90a69106b5ed2f6f2a3525940b9e00e96db3ab19b14889483c0134b6d49b271a28356a87b228d9

  • SSDEEP

    3072:PbwDb3GDgKKhsUP/B1Ptml7z70aXMcLk1ykh3zbkhj3n6B9/fn+RRW/wJyiMhG:wb3GDgKKXP/B1PC3AwMcI1Lh3H0mpfch

Score
10/10
smokeloaderup3backdoortrojan

Malware Config

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/
rc4.i32
rc4.i32

Targets

    • Target

      cedd6842dc8e5b7b943cba42c7b1229e71963dfc5c47c52165947adb1287248b.exe

    • Size

      239KB

    • MD5

      8a5998ead64eeb32576a01030d890393

    • SHA1

      5cd5662226bd724a136627834e2b1beacdb951a0

    • SHA256

      cedd6842dc8e5b7b943cba42c7b1229e71963dfc5c47c52165947adb1287248b

    • SHA512

      85387bd3ff646c17666dfd850e698654eafde9708de53b3b51e74f40e69e5afe76e40edaa25b0771f8d7594c5dd9aaa6626901a6f3ffdf424ae60d32e995142b

    • SSDEEP

      3072:rfULUw/frbCOs7FHrG1d7nQ3At2ui0gjLM+LgeRp:rfULzfSOaFUdOI8IGge

    Score
    10/10
    smokeloaderup3backdoortrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Deletes itself

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks