Overview

overview

10

Static

static

3

1cd6d30ac1...d9.exe

windows7-x64

10

1cd6d30ac1...d9.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    27/05/2024, 01:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1cd6d30ac1f36d9de8cbc4f38685aeed80628d47694cb9b199f455855202e7d9.exe

  • Size

    267KB

  • MD5

    57dcf9e07d0e1c811fa7d1386466d832

  • SHA1

    6d5dee42935f4ecff0a10de2c8aacce3ec4f986f

  • SHA256

    1cd6d30ac1f36d9de8cbc4f38685aeed80628d47694cb9b199f455855202e7d9

  • SHA512

    9aa70a4bf250b4b8309ac170f6b8f7a56ade8c2ee8ac3c8785f49de02809e2612948aefd1e5557b0afab96926d914126386ac12a85c9f9788d4e6445849e6cd7

  • SSDEEP

    6144:fhaKS7XKusTiWb8PtdWic0IKxIQ+17LWT:f0B6uVIExIna

Score
10/10
smokeloaderpub4backdoortrojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub4

Extracted

Family

smokeloader

Version

2022

C2

http://dbfhns.in/tmp/index.php

http://guteyr.cc/tmp/index.php

http://greendag.ru/tmp/index.php

http://lobulraualov.in.net/tmp/index.php
rc4.i32
rc4.i32

Signatures

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Deletes itself 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1cd6d30ac1f36d9de8cbc4f38685aeed80628d47694cb9b199f455855202e7d9.exe
    "C:\Users\Admin\AppData\Local\Temp\1cd6d30ac1f36d9de8cbc4f38685aeed80628d47694cb9b199f455855202e7d9.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:2976

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1088-4-0x00000000024A0000-0x00000000024B6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2976-1-0x00000000030F0000-0x00000000031F0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2976-3-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2976-2-0x00000000003B0000-0x00000000003BB000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2976-8-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2976-5-0x0000000000400000-0x0000000002CA1000-memory.dmp

    Filesize

    40.6MB

    Download