General

  • Target

    abebbafd75d61bb6ac5946a2bb3d0863e7776c4820ed0cedcaba25a4381e274d

  • Size

    123KB

  • Sample

    240422-tfyplsdb52

  • MD5

    f5306fe7ac678b367c484bfd4821ffb2

  • SHA1

    d36008ade2d5cd0e59ce5aa20d60837d10551134

  • SHA256

    abebbafd75d61bb6ac5946a2bb3d0863e7776c4820ed0cedcaba25a4381e274d

  • SHA512

    a198dc372cfc5b413a8401e10ddf5752008464ec51569437bb5e9349af0c2ceca2539e94a25cd30f9b920b8dd96262a3df87004e1d66c40560ae511f77820b8d

  • SSDEEP

    3072:jXzgamaL8aAFLcaRZonAewMjBFfZQ30HpJ:j7GcakAHD

Malware Config

Extracted

Family

smokeloader

Version

2017

C2

http://eeaglelifeaa23ol.com/hosting24/

http://eeaglelifebb23ahoo.com/hosting24/

http://eeaglelifecc23kookle.com/hosting24/

http://h24.nutralwater.bit/hosting24/
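The four C2 URLs above are the actionable part of this report. Note the last one: `.bit` is the Namecoin blockchain TLD and does not resolve through ordinary ICANN DNS, so a network sweep that only looks at resolved IPs will miss it; matching on the URL or Host string the client sent catches it regardless of whether resolution succeeded. The following Python is an added example (not part of the sandbox report) that turns the extracted C2 list into IOCs and runs them over proxy logs. The log format (`timestamp client method url status`) and the log lines are constructed for the demo.

```python
"""Convert the SmokeLoader C2 URLs from the extracted config into IOCs and
sweep proxy logs for them. Added example; not part of the sandbox report."""
from dataclasses import dataclass
from urllib.parse import urlparse

# The four C2 URLs listed in the extracted config above.
C2_URLS = [
    "http://eeaglelifeaa23ol.com/hosting24/",
    "http://eeaglelifebb23ahoo.com/hosting24/",
    "http://eeaglelifecc23kookle.com/hosting24/",
    "http://h24.nutralwater.bit/hosting24/",
]

# Constructed proxy log lines for the demo (assumed format: ts client method url status).
SAMPLE_PROXY_LOG = """\
2024-04-22T14:05:01Z 10.0.0.15 POST http://eeaglelifebb23ahoo.com/hosting24/ 200
2024-04-22T14:05:02Z 10.0.0.15 GET http://www.example.com/index.html 200
2024-04-22T14:05:03Z 10.0.0.22 POST http://EEAGLELIFEAA23OL.COM/hosting24/ 404
2024-04-22T14:05:04Z 10.0.0.31 POST http://h24.nutralwater.bit/hosting24/ 502
2024-04-22T14:05:05Z 10.0.0.31 GET http://nutralwater.bit/other/ 200
2024-04-22T14:05:06Z 10.0.0.22 GET http://eeaglelifecc23kookle.com/favicon.ico 404
"""


@dataclass(frozen=True)
class C2Ioc:
    host: str       # lower-cased hostname
    path: str       # URL path; the same path is shared across all four C2 hosts
    namecoin: bool  # True for .bit: resolved via Namecoin, not ICANN DNS


def parse_c2(urls):
    """Normalise each C2 URL into a C2Ioc; .bit hosts are flagged as Namecoin."""
    iocs = []
    for url in urls:
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        iocs.append(C2Ioc(host=host, path=parsed.path, namecoin=host.endswith(".bit")))
    return iocs


def match_log(log_text, iocs):
    """Return (client, host, verdict) for every proxy line whose URL host is a C2 host.

    verdict is 'c2_url' when the path also matches the configured C2 path and
    'c2_host' when only the host matches. Matching is done on the URL string
    the client sent, not on a resolved IP: the .bit host never resolves through
    the proxy's normal resolver (here it shows up as a 502), but the request
    line is still a confident hit. Only exact hosts match; the parent domain
    nutralwater.bit is deliberately not treated as an indicator.
    """
    by_host = {ioc.host: ioc for ioc in iocs}
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines rather than abort the sweep
        _ts, client, _method, url, _status = fields
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()  # hostname is case-insensitive
        ioc = by_host.get(host)
        if ioc is None:
            continue
        verdict = "c2_url" if parsed.path == ioc.path else "c2_host"
        hits.append((client, host, verdict))
    return hits


def infected_clients(log_text, iocs):
    """Distinct client IPs that contacted any configured C2, in first-seen order."""
    seen = []
    for client, _host, _verdict in match_log(log_text, iocs):
        if client not in seen:
            seen.append(client)
    return seen


if __name__ == "__main__":
    iocs = parse_c2(C2_URLS)
    for hit in match_log(SAMPLE_PROXY_LOG, iocs):
        print(hit)
    print("clients to isolate:", infected_clients(SAMPLE_PROXY_LOG, iocs))
```

Run against the constructed log this reports three `c2_url` hits (including the one with an upper-cased host and the unresolvable `.bit` host) plus one `c2_host` hit for a different path on a C2 domain, and three distinct clients. A real deployment would feed the same functions the proxy's own export format and add the hosts to a DNS sinkhole or proxy block list; the `.bit` entry additionally warrants looking for a non-standard resolver or OpenNIC-style DNS configuration on the affected host.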

Targets

    • Target

      abebbafd75d61bb6ac5946a2bb3d0863e7776c4820ed0cedcaba25a4381e274d

    • Size

      123KB

    • MD5

      f5306fe7ac678b367c484bfd4821ffb2

    • SHA1

      d36008ade2d5cd0e59ce5aa20d60837d10551134

    • SHA256

      abebbafd75d61bb6ac5946a2bb3d0863e7776c4820ed0cedcaba25a4381e274d

    • SHA512

      a198dc372cfc5b413a8401e10ddf5752008464ec51569437bb5e9349af0c2ceca2539e94a25cd30f9b920b8dd96262a3df87004e1d66c40560ae511f77820b8d

    • SSDEEP

      3072:jXzgamaL8aAFLcaRZonAewMjBFfZQ30HpJ:j7GcakAHD

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks