Overview

overview

10

Static

static

3

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f9ceaad4e66d59eab8c60ad5dbc132ee4cd68e6cf77f4316f7940faea1d1771b

  • Size

    232KB

  • Sample

    240509-3qw37sdh7v

  • MD5

    87ca81715f8e2d8c805a22aa9d5f6b17

  • SHA1

    6c7ac9d8aae7062a81bd0bc1b92b15c7c59f46ed

  • SHA256

    f9ceaad4e66d59eab8c60ad5dbc132ee4cd68e6cf77f4316f7940faea1d1771b

  • SHA512

    36e879ea372ab95190114ce624ff508d0a39000dda1abd76306e7ad7dbd454587d9a490261d56d49844a72f6d1a9ac8e7be331792da08161caad623c1f7a6967

  • SSDEEP

    3072:c3ICGe1HQfXHZYauXz88bNnij5D+u3Gh:gIZeQwj88bJh

Score
10/10
smokeloaderpub1backdoorpersistencetrojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://trad-einmyus.com/index.php

http://tradein-myus.com/index.php

http://trade-inmyus.com/index.php
rc4.i32
rc4.i32

Targets

    • Target

      f9ceaad4e66d59eab8c60ad5dbc132ee4cd68e6cf77f4316f7940faea1d1771b

    • Size

      232KB

    • MD5

      87ca81715f8e2d8c805a22aa9d5f6b17

    • SHA1

      6c7ac9d8aae7062a81bd0bc1b92b15c7c59f46ed

    • SHA256

      f9ceaad4e66d59eab8c60ad5dbc132ee4cd68e6cf77f4316f7940faea1d1771b

    • SHA512

      36e879ea372ab95190114ce624ff508d0a39000dda1abd76306e7ad7dbd454587d9a490261d56d49844a72f6d1a9ac8e7be331792da08161caad623c1f7a6967

    • SSDEEP

      3072:c3ICGe1HQfXHZYauXz88bNnij5D+u3Gh:gIZeQwj88bJh

    Score
    10/10
    smokeloaderpub1backdoorpersistencetrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Modifies Installed Components in the registry

      persistence

    • Deletes itself

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks