General

  • Target

    909579019a3a8e5bdd53eb0d20ad55642f92cebb622a10eb403e334bb3d9da46

  • Size

    760KB

  • Sample

    240516-3nvscseg65

  • MD5

    24305a1dce117ff27c66e28708a6b370

  • SHA1

    a8d5cc71a1a0687fb39fe558f60819f65cb1de25

  • SHA256

    909579019a3a8e5bdd53eb0d20ad55642f92cebb622a10eb403e334bb3d9da46

  • SHA512

    f400d5ffa0e4a170a31320900a303061f8146d034d4dc12556c2ac0a89f58473b642ad09b981009c2fa779eb7453bd9f20f2fa8eb3076d7e8b2668ad1aaf6278

  • SSDEEP

    12288:/X0exbUxn84ayfjkc6Cd6WJLsSGlHmXtvqPLWR2cJc51+Ers07HA6F7chNxXR58J:/X0wbUxisjkc6CLJw3GXtSj9fiErVRFp

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Extracted

Family

smokeloader

Version

2022

C2

http://bipto.org/tmp/index.php

http://jobresurs.ru/tmp/index.php

http://tonybabb.com/tmp/index.php

rc4.i32
rc4.i32
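Added example (not part of the sandbox report): a small Python IOC matcher built from the hashes and C2 URLs the report lists. It hashes a file with the three algorithms the report uses and scans proxy log lines for the listed C2 hosts, separately flagging other hosts that share the `/tmp/index.php` path of the three listed C2s as a weaker signal. The log format and log lines are constructed for the example; the path-only rule is an assumption about what an analyst would want to triage, not something the report states.

```python
"""IOC matching for the SmokeLoader sample in the report above.

Added example, not part of the sandbox report. The hashes and C2 URLs
are copied from the report; the proxy log format and the log lines are
constructed here so the script runs offline.
"""
import hashlib
from urllib.parse import urlparse

# IOCs copied from the report.
SAMPLE_HASHES = {
    "md5": "24305a1dce117ff27c66e28708a6b370",
    "sha1": "a8d5cc71a1a0687fb39fe558f60819f65cb1de25",
    "sha256": "909579019a3a8e5bdd53eb0d20ad55642f92cebb622a10eb403e334bb3d9da46",
}
C2_URLS = [
    "http://bipto.org/tmp/index.php",
    "http://jobresurs.ru/tmp/index.php",
    "http://tonybabb.com/tmp/index.php",
]
C2_HOSTS = {urlparse(u).hostname for u in C2_URLS}
# All three listed C2s share this path; used below as a weak, separate signal.
C2_PATH = "/tmp/index.php"

# Constructed proxy log: "timestamp client method url" per line.
SAMPLE_LOG = [
    "2024-05-16T10:01:02Z 10.0.0.5 GET http://example.com/index.html",
    "2024-05-16T10:01:09Z 10.0.0.5 POST http://jobresurs.ru/tmp/index.php",
    "2024-05-16T10:02:31Z 10.0.0.7 POST http://TonyBabb.com/tmp/index.php",
    "2024-05-16T10:03:00Z 10.0.0.9 POST http://other.example/tmp/index.php",
]


def hash_bytes(data: bytes) -> dict:
    """Compute the three digests the report lists for a blob."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_sample(data: bytes) -> bool:
    """True if data hashes to the reported sample under any listed digest.

    SHA256 alone is sufficient; MD5 and SHA1 are compared too because
    other feeds often carry only one of them.
    """
    digests = hash_bytes(data)
    return any(digests[algo] == value for algo, value in SAMPLE_HASHES.items())


def scan_proxy_log(lines):
    """Return (line_no, host, reason) for each line that hits an IOC.

    'known-c2-host'  : request host is one of the report's C2 hosts.
    'c2-path-pattern': different host, but the same /tmp/index.php path
                       the three listed C2s share (weaker, review manually).
    Hostnames are compared case-insensitively (urlparse lowercases them).
    """
    hits = []
    for n, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line, skip rather than crash
        parsed = urlparse(parts[3])
        host = (parsed.hostname or "").lower()
        if host in C2_HOSTS:
            hits.append((n, host, "known-c2-host"))
        elif parsed.path == C2_PATH:
            hits.append((n, host, "c2-path-pattern"))
    return hits


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(path, "MATCH" if matches_sample(f.read()) else "no match")
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
```

Run it with one or more file paths to check them against the reported hashes; with no arguments it only scans the constructed log. Treat `c2-path-pattern` hits as leads, not detections: `/tmp/index.php` is a generic path and will appear on benign hosts.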

Targets

    • Target

      909579019a3a8e5bdd53eb0d20ad55642f92cebb622a10eb403e334bb3d9da46

    • Size and hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): as listed under General above

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks