smokeloader | 9c6403ca45a75ab2d917b4014b0227534cc86638a059895ad5cc4889096dc840 | Triage

Submit
Reports

Overview

overview

Static

static

3

9c6403ca45...40.exe

windows7-x64

9c6403ca45...40.exe

windows10-2004-x64

Sharing

General

Target

9c6403ca45a75ab2d917b4014b0227534cc86638a059895ad5cc4889096dc840
Size

248KB
Sample

240724-q6txkasckb
MD5

b77043673df8b86cdb3f3049fa4b5cdf
SHA1

998b7f59bf0acd24f920c5608422b59a1f610d80
SHA256

9c6403ca45a75ab2d917b4014b0227534cc86638a059895ad5cc4889096dc840
SHA512

63ab9f4b5108571d094189a6536be0e218e9296c60285d5d2e21f8f799e70421ec44988e94d73b6e7cf2b8020d8e39cd8b3b49c3d599ec8eca4d65280b81a712
SSDEEP

3072:/rwPX0z03zXLpLwAafrPH87QBLAKHIrzJ1fiXMOS5i8nF53JBLGCH:u9XLvafr/87QBEKHazrfi/4ba

Score

10^/10

smokeloader pub1 aspackv2 backdoor discovery trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9c6403ca45a75ab2d917b4014b0227534cc86638a059895ad5cc4889096dc840.exe

Resource

win7-20240708-en

smokeloader pub1 aspackv2 backdoor discovery trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

9c6403ca45a75ab2d917b4014b0227534cc86638a059895ad5cc4889096dc840.exe

Resource

win10v2004-20240709-en

smokeloader pub1 aspackv2 backdoor discovery trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Targets

- Target
  
  9c6403ca45a75ab2d917b4014b0227534cc86638a059895ad5cc4889096dc840
- Size
  
  248KB
- MD5
  
  b77043673df8b86cdb3f3049fa4b5cdf
- SHA1
  
  998b7f59bf0acd24f920c5608422b59a1f610d80
- SHA256
  
  9c6403ca45a75ab2d917b4014b0227534cc86638a059895ad5cc4889096dc840
- SHA512
  
  63ab9f4b5108571d094189a6536be0e218e9296c60285d5d2e21f8f799e70421ec44988e94d73b6e7cf2b8020d8e39cd8b3b49c3d599ec8eca4d65280b81a712
- SSDEEP
  
  3072:/rwPX0z03zXLpLwAafrPH87QBLAKHIrzJ1fiXMOS5i8nF53JBLGCH:u9XLvafr/87QBEKHazrfi/4ba
Score

10^/10

smokeloader pub1 aspackv2 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

smokeloaderpub1aspackv2backdoordiscoverytrojan

behavioral2

smokeloaderpub1aspackv2backdoordiscoverytrojan

© 2018-2024

Terms | Privacy