General

  • Target

    f73c2ff7df05fca90c08e6ac7a30b97f56a5f62ddc1aed09e0970dc416f995aa

  • Size

    240KB

  • Sample

    240517-ax2caahd62

  • MD5

    6bcbbfac4eb7dbecb5a44983645a75db

  • SHA1

    06335c12d2dc398efa4956674628debaf8a22b39

  • SHA256

    f73c2ff7df05fca90c08e6ac7a30b97f56a5f62ddc1aed09e0970dc416f995aa

  • SHA512

    550b13098d9842bc79b441721b6a93f085d75c274d7b5e0387fae87f9cf5a3566fb13694b5369149e093cb41a109fa015a9698f0553827c8c46c864083a54a33

  • SSDEEP

    3072:SR9BalQW+4t/2Rxpw3qcBsWkW+Nm/WXdJgr5QbgaHbWk18tKbTD94nXU3XnSo1s:SQEe619WZLSbgaH780pyXUSo

Malware Config

Extracted

  • Family

    smokeloader

  • Botnet

    pub1

Extracted

  • Family

    smokeloader

  • Version

    2022

  • C2

    http://trad-einmyus.com/index.php
    http://tradein-myus.com/index.php
    http://trade-inmyus.com/index.php

  • rc4.i32

  • rc4.i32

Targets

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Modifies Installed Components in the registry

    • Deletes itself

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix ATT&CK v13

  • Persistence

    Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1

  • Privilege Escalation

    Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2
    Peripheral Device Discovery (T1120): 1
    System Information Discovery (T1082): 1

  • Command and Control

    Web Service (T1102): 1