General

  • Target

    file

  • Size

    749KB

  • Sample

    240513-rxmmkaad3s

  • MD5

    cc76fdff627601783cd30fa4b3bc9b01

  • SHA1

    955e4ae2f716628423b5c3388597a4ca4bebcf61

  • SHA256

    7cb10c0efe7d47b7a44a5424e197d5a24a67f53fc7e1ed0c1f9923f797e10cfd

  • SHA512

    79f2942c8b17fe8ad1d79895a8f6ae7e7837bd955855ebf51d70adc1fd0111a1e225f582b5ec6f3f84129792a3b2808ed22d14d0246c7f616649e2c70597396a

  • SSDEEP

    12288:MMwQNweRcciNpQdxqnJmuTkhvJoRfzWzCj/XKAbDVFEn1mOU+tvlS2jbKRwMuhyQ:MMwQNwhDOqDTkhvSzxPzbXQmStSkWRwx

Malware Config

Extracted

  • Family

    smokeloader

  • Version

    2022

  • C2

    http://bipto.org/tmp/index.php

    http://jobresurs.ru/tmp/index.php

    http://tonybabb.com/tmp/index.php

  • rc4.i32

  • rc4.i32

Extracted

  • Family

    smokeloader

  • Botnet

    pub3

Targets

    • Target

      file

    • Size

      749KB

    • MD5

      cc76fdff627601783cd30fa4b3bc9b01

    • SHA1

      955e4ae2f716628423b5c3388597a4ca4bebcf61

    • SHA256

      7cb10c0efe7d47b7a44a5424e197d5a24a67f53fc7e1ed0c1f9923f797e10cfd

    • SHA512

      79f2942c8b17fe8ad1d79895a8f6ae7e7837bd955855ebf51d70adc1fd0111a1e225f582b5ec6f3f84129792a3b2808ed22d14d0246c7f616649e2c70597396a

    • SSDEEP

      12288:MMwQNweRcciNpQdxqnJmuTkhvJoRfzWzCj/XKAbDVFEn1mOU+tvlS2jbKRwMuhyQ:MMwQNwhDOqDTkhvSzxPzbXQmStSkWRwx

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks