Overview

overview

10

Static

static

3

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    546d7f26d8b2a42b4a917e3642c2fffa89a1be3a41795da4ccf8afb2e0f417e8

  • Size

    654KB

  • Sample

    240501-24ynhshg7x

  • MD5

    87f8958f40e487f7d816cd1aaf52fa84

  • SHA1

    0d84722779ef406a090fd085c7a2f4ed636afb3d

  • SHA256

    546d7f26d8b2a42b4a917e3642c2fffa89a1be3a41795da4ccf8afb2e0f417e8

  • SHA512

    717c228b27dddca019fe81a8619f6a8d11b0362140de276aa5d6746b3eb0bc1130ae4b79a7a4389541e872cdb63b781a37a1cd459b810b0380deb6b046a0e287

  • SSDEEP

    12288:IXAx/2a0CTmgQ9AlrsgsdNUUhfjersFwz3NTwBOuCUxQQZNIuJ3M7THqAi4dD4:IXAx/2z9CrsgsTUU1ioEnuCUxQQZN9Je

Score
10/10
smokeloaderpub3backdoortrojan

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://cellc.org/tmp/index.php

http://h-c-v.ru/tmp/index.php

http://icebrasilpr.com/tmp/index.php

http://piratia-life.ru/tmp/index.php

http://piratia.su/tmp/index.php
rc4.i32
rc4.i32

Extracted

Family

smokeloader

Botnet

pub3

Targets

    • Target

      546d7f26d8b2a42b4a917e3642c2fffa89a1be3a41795da4ccf8afb2e0f417e8

    • Size

      654KB

    • MD5

      87f8958f40e487f7d816cd1aaf52fa84

    • SHA1

      0d84722779ef406a090fd085c7a2f4ed636afb3d

    • SHA256

      546d7f26d8b2a42b4a917e3642c2fffa89a1be3a41795da4ccf8afb2e0f417e8

    • SHA512

      717c228b27dddca019fe81a8619f6a8d11b0362140de276aa5d6746b3eb0bc1130ae4b79a7a4389541e872cdb63b781a37a1cd459b810b0380deb6b046a0e287

    • SSDEEP

      12288:IXAx/2a0CTmgQ9AlrsgsdNUUhfjersFwz3NTwBOuCUxQQZNIuJ3M7THqAi4dD4:IXAx/2z9CrsgsTUU1ioEnuCUxQQZN9Je

    Score
    10/10
    smokeloaderbackdoortrojanpub3

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks