Overview

overview

10

Static

static

3

a8a3130c77...3b.exe

windows7-x64

10

a8a3130c77...3b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4a5fb962dcf9b00e84661eae9e8a679423ab7033d825ad018b5e797c6c83c9b2

  • Size

    142KB

  • Sample

    240417-sbhbdsdb75

  • MD5

    208f815bb969d251f074aaba9fbe5b9f

  • SHA1

    5641d24a91644e469ac2373a2d9a56aa15aa5df9

  • SHA256

    4a5fb962dcf9b00e84661eae9e8a679423ab7033d825ad018b5e797c6c83c9b2

  • SHA512

    c2224a8e88a869037ede1c45bbd179df6d8348bbda7735db59e3b6713e9fc8862110d387bd5a4b129b1589d53027aac2b074b6ad07ee08bbcee4db75d90f824f

  • SSDEEP

    3072:r+U1T9xghpJZcUhzr5ZG3NMb1/ofYk3VIP0k9mq9Tc2gJRaTl4DJPKh2:r+Uh9qhbZdhP5QqbJofJVumq97rh49U2

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://dublebomber.ru/

http://yavasponimayu.ru/

http://nomnetozhedenyuzhkanuzhna.ru/

http://prostosmeritesya.ru/

http://ipoluchayteudovolstvie.ru/

http://super777bomba.ru/

http://specnaznachenie.ru/

http://zakrylki809.ru/

http://propertyminsk.by/

http://iloveua.ir/

http://moyabelorussiya.by/

http://tvoyaradostetoya.ru/

http://zasadacafe.by/

http://restmantra.by/

http://kozachok777.ru/

http://propertyiran.ir/

http://sakentoshi.ru/

http://popuasyfromua.ru/

http://diplombar.by/
rc4.i32
rc4.i32

Targets

    • Target

      a8a3130c779904e23b50d69b4e73a714b345e296feebb9f64a732d5c73e7973b.exe

    • Size

      223KB

    • MD5

      553cc8aee992da42454595e76d7afb37

    • SHA1

      47a5850ad4c2b7e6708fa28300f8fdaf54839ebf

    • SHA256

      a8a3130c779904e23b50d69b4e73a714b345e296feebb9f64a732d5c73e7973b

    • SHA512

      68ae6e2805e2a2281de7b8cb934dd82e44bfd75027bc447a622f5dee562f64ae4dc23285c6c1b9f6b2fb2f339e3a24e872a8e1b05e03f8b0f4ecf4632e5fba18

    • SSDEEP

      6144:u4sxL7SMoJcll5+CZNdX9O3LidITCW2HTfKs0qxIT:u4UHSMecXhJg3LiGTCW2HDKrqi

    Score
    10/10
    smokeloaderbackdoortrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks