General

  • Target

    4113abc0d73ecfa53d9507850a588b0c_JaffaCakes118

  • Size

    162KB

  • Sample

    240514-lwt3csah8w

  • MD5

    4113abc0d73ecfa53d9507850a588b0c

  • SHA1

    9d32b63b20d35db380105466cbfbb7bc0a0c14a1

  • SHA256

    65f83cb0fba3c8cd1ab6e0c0a7bb3e0a02ae30b9bc00df8d1be9237ba87e7280

  • SHA512

    de552fb18f0ccfd58910f21ccae5301e3f087f35f6110219b129fd330f4ff2f7b882cbf5ea896b577542843644ac0b3566f225ec3e745b93600f5a580f395fb8

  • SSDEEP

    3072:WZAuUG4GXUZNiDWmIMCu9YX0+aqYsBBNLR28/X:QAsE7WHInu9YX0SyYX

Malware Config

Extracted

  • Family

    smokeloader

  • Botnet

    cece

Extracted

  • Family

    smokeloader

  • Version

    2018

  • C2

    http://proxy-exe.bit/2/
    http://kiyanka.club/2/
    http://d3s1.me/2/

  • rc4.i32

  • rc4.i32

Targets

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks