Overview

overview

10

Static

static

3

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    603ca6b962a0545bcc4e06308d6e68cd771d535fb34b45960f7242dc855941e6

  • Size

    236KB

  • Sample

    240507-2zqgcach6y

  • MD5

    0be195eb467b67e6c00bc5e88821d5ac

  • SHA1

    d77634b84160ee79e8838a0c6c32a87fbfdd4b8f

  • SHA256

    603ca6b962a0545bcc4e06308d6e68cd771d535fb34b45960f7242dc855941e6

  • SHA512

    a20b8b8d705d1366431e5386cead3a0ab41b7bb6b506ad745773aa3cd528f54b0cd155502919c82e7d6f972e64c4e7bb1fa04909cf9eb9703949cb75de046c2f

  • SSDEEP

    3072:4/n08fMjzVnoZHkVGZMWaM75Fc8zDhLU:I3fMjzhkHkwZJaMf7hw

Score
10/10
smokeloaderpub1backdoorpersistencetrojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://trad-einmyus.com/index.php

http://tradein-myus.com/index.php

http://trade-inmyus.com/index.php
rc4.i32
rc4.i32

Targets

    • Target

      603ca6b962a0545bcc4e06308d6e68cd771d535fb34b45960f7242dc855941e6

    • Size

      236KB

    • MD5

      0be195eb467b67e6c00bc5e88821d5ac

    • SHA1

      d77634b84160ee79e8838a0c6c32a87fbfdd4b8f

    • SHA256

      603ca6b962a0545bcc4e06308d6e68cd771d535fb34b45960f7242dc855941e6

    • SHA512

      a20b8b8d705d1366431e5386cead3a0ab41b7bb6b506ad745773aa3cd528f54b0cd155502919c82e7d6f972e64c4e7bb1fa04909cf9eb9703949cb75de046c2f

    • SSDEEP

      3072:4/n08fMjzVnoZHkVGZMWaM75Fc8zDhLU:I3fMjzhkHkwZJaMf7hw

    Score
    10/10
    smokeloaderpub1backdoorpersistencetrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Modifies Installed Components in the registry

      persistence

    • Deletes itself

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks