General

  • Target: 743cb916a0ab733306a059bbbd9cdea8_JaffaCakes118
  • Size: 106KB
  • Sample: 240526-eb6r4aee47
  • MD5: 743cb916a0ab733306a059bbbd9cdea8
  • SHA1: f6e09696a9a23bfeb55be97c67328e4bb3624ccb
  • SHA256: 0aeb96e050a7b92fd2b9d447fa7cba6517fc194369f7de7fa69f86386cd15622
  • SHA512: 053836189677a1ce3c464d33de58182f667af78d1765ff8f1b193716cecaa2cf150f5b62000984c50b72f1bf7b71d189ba57b9b843e8cd0c76ebeec6898c2224
  • SSDEEP: 1536:IvXod1fuXvmSfzb6CQz5e1WbJO8Xas13ldT2mmlqJSTKRF0MNPlPtzRYTL:MXoX7SfI9+WFOwaqVdCmJnN1zRYT

Malware Config

Extracted

  • Family: smokeloader
  • Version: 2020
  • C2:
      http://rexstat35xm.xyz/statweb577/
      http://dexspot2cx.club/statweb577/
      http://atxspot20cx.best/statweb577/
      http://rexspot7xm.xyz/statweb577/
      http://datasectex.com/statweb577/
      http://servicem977xm.xyz/statweb577/
      http://advertxman7cx.xyz/statweb577/
      http://starxpush7xm.xyz/statweb577/

rc4.i32
rc4.i32

Targets

    • Target: 743cb916a0ab733306a059bbbd9cdea8_JaffaCakes118
    • Size: 106KB
    • MD5: 743cb916a0ab733306a059bbbd9cdea8
    • SHA1: f6e09696a9a23bfeb55be97c67328e4bb3624ccb
    • SHA256: 0aeb96e050a7b92fd2b9d447fa7cba6517fc194369f7de7fa69f86386cd15622
    • SHA512: 053836189677a1ce3c464d33de58182f667af78d1765ff8f1b193716cecaa2cf150f5b62000984c50b72f1bf7b71d189ba57b9b843e8cd0c76ebeec6898c2224
    • SSDEEP: 1536:IvXod1fuXvmSfzb6CQz5e1WbJO8Xas13ldT2mmlqJSTKRF0MNPlPtzRYTL:MXoX7SfI9+WFOwaqVdCmJnN1zRYT

    Signatures

    • SmokeLoader: modular backdoor trojan in use since 2014.
    • Deletes itself
    • Loads dropped DLL
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks