Overview

overview

10

Static

static

10

1PDF.Fatur...07.exe

windows11-21h2-x64

8

3e6642f710...5e.exe

windows11-21h2-x64

10

4c40337094...92.exe

windows11-21h2-x64

10

644d928a4a...25.exe

windows11-21h2-x64

10

64ec6562b9...2e.exe

windows11-21h2-x64

10

7a0395c75a...8e.exe

windows11-21h2-x64

10

901478668c...d4.exe

windows11-21h2-x64

10

938b7e042b...98.exe

windows11-21h2-x64

10

96d1bc7dec...b7.exe

windows11-21h2-x64

10

Built.exe

windows11-21h2-x64

8

DHL_PT5638...53.bat

windows11-21h2-x64

8

DTLite.exe

windows11-21h2-x64

10

PDF.Fatura...07.exe

windows11-21h2-x64

8

PDF.exe

windows11-21h2-x64

10

SIP.03746.XSLSX.exe

windows11-21h2-x64

8

a33245a27c...8a.exe

windows11-21h2-x64

10

arwbjuh.exe

windows11-21h2-x64

10

bjutbht.exe

windows11-21h2-x64

10

black.bat

windows11-21h2-x64

8

borlndmm.dll

windows11-21h2-x64

10

ccleaner.exe

windows11-21h2-x64

1

d87e2dcd2e...6d.exe

windows11-21h2-x64

10

dwvhgtd.exe

windows11-21h2-x64

10

file.exe

windows11-21h2-x64

10

helper.bat

windows11-21h2-x64

10

setup.exe

windows11-21h2-x64

7

Resubmissions

21-01-2025 13:35

250121-qvptgawqbk 10

21-01-2025 11:58

250121-n5b91ssqem 10

21-01-2025 11:44

250121-nwlr4a1qhs 10

21-01-2025 11:07

250121-m7zbws1kfn 10

17-07-2024 20:08

240717-ywvp4swhjk 10

Analysis

  • max time kernel
    37s
  • max time network
    41s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240709-en
  • resource tags

    arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    17-07-2024 20:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bjutbht.exe

  • Size

    294KB

  • MD5

    9442e7f51753f9ef3604a13e459334aa

  • SHA1

    b8ecc6920c4fca9725fbc78d6684359c88b8224a

  • SHA256

    7e0623dbd4975ddc7790c45c9407527c048cb04727ddf757e70f7d5b702703fd

  • SHA512

    5af0b0653245ebc1a1aac4cca90d2bb53b48bea25a8f104cbd3e410f1374ef86a578fc56b3c7d42fc9bb0a5b22db97b007805da72528c89dca575c8196361cce

  • SSDEEP

    3072:lCHi6zfNNcKW0PNXiWIztAq/czUZrHFdOIMRsSHHi:lezVlPxbKpEqiHH

Score
10/10
smokeloaderpub1backdoortrojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Signatures

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Program crash 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

Processes

  • C:\Users\Admin\AppData\Local\Temp\bjutbht.exe
    "C:\Users\Admin\AppData\Local\Temp\bjutbht.exe"
    1⤵
    • Checks SCSI registry key(s)
    PID:2652
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 484
      2⤵
      • Program crash
      PID:2856
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 2652 -ip 2652
    1⤵
      PID:2124

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2652-1-0x00000000023E0000-0x00000000024E0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2652-3-0x0000000000400000-0x000000000040B000-memory.dmp

      Filesize

      44KB

      Download

    • memory/2652-2-0x00000000023C0000-0x00000000023CB000-memory.dmp

      Filesize

      44KB

      Download

    • memory/2652-4-0x0000000000400000-0x0000000002092000-memory.dmp

      Filesize

      28.6MB

      Download