Overview

overview

10

Static

static

10

f5185d4e07...ff.exe

windows7-x64

10

f5185d4e07...ff.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    22-05-2024 14:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f5185d4e070e8cf1120790d078dd9d3dc33539b59c33ffc607d88ee30e3e1dff.exe

  • Size

    40KB

  • MD5

    311f4f130fad70c7159cbae042926bee

  • SHA1

    81e6978bc064c0c745dc6b32bdf05eafeb10fc31

  • SHA256

    f5185d4e070e8cf1120790d078dd9d3dc33539b59c33ffc607d88ee30e3e1dff

  • SHA512

    21158ed18c489e1e40d5c8e29c079c19231f86a459cdfa11e05176601d93c36b718df03ee125d0d58295618bf65a712884c22a885d2aa2a71028d0d25c3b25d1

  • SSDEEP

    768:O2fNN6rUCUQN3rlhRtSEObrfWrZrZZGazbv61kTtnIx1y0qWb:OQNsrII7P7sbrOZXGaXi1kyG0P

Score
10/10
smokeloadersel2backdoortrojan

Malware Config

Extracted

Family

smokeloader

Botnet

sel2

Extracted

Family

smokeloader

Version

2022

C2

https://airwide-land.com/calcroom.php

https://summerwaterhall.com/calcroom.php
rc4.i32
rc4.i32

Signatures

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Deletes itself 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f5185d4e070e8cf1120790d078dd9d3dc33539b59c33ffc607d88ee30e3e1dff.exe
    "C:\Users\Admin\AppData\Local\Temp\f5185d4e070e8cf1120790d078dd9d3dc33539b59c33ffc607d88ee30e3e1dff.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:2296

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1192-1-0x0000000002520000-0x0000000002536000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2296-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2296-2-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download