smokeloader | 6861cdee1ee282ee8c69e31503d95291409907d8b27538f8082adb00205ad105 | Triage

Submit
Reports

Overview

overview

Static

static

3

C5665332E8...59.exe

windows7-x64

C5665332E8...59.exe

windows10-2004-x64

Sharing

General

Target

C5665332E8CA3D76FB4B583B3FF97D1F99828F33CAD445B22020147BF9079F59.exe
Size

240KB
Sample

240724-z6bknaxfkm
MD5

a33cb61ca6fee0992ee687c25b00824e
SHA1

24247924ca5a5e7caf133c198cf52fcd831bd0e0
SHA256

6861cdee1ee282ee8c69e31503d95291409907d8b27538f8082adb00205ad105
SHA512

57f4976bc649d3998f65524095d2997bd3dccb48ce35300162d253398428004479007e528857d349c030a962a7c57432bedb474cfb9bb9bd519d1be0ead884cc
SSDEEP

1536:ldKpi5tbTqAdAGkDf+HrN0OjisNkafiw4CpYKxgTr45lGZDvGzMIfGCq2iW7z:ldKpiAIjisWdCeKxgY5lGZzGwqGCH

Score

10^/10

smokeloader pub1 aspackv2 backdoor discovery trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

C5665332E8CA3D76FB4B583B3FF97D1F99828F33CAD445B22020147BF9079F59.exe

Resource

win7-20240704-en

smokeloader pub1 aspackv2 backdoor discovery trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

C5665332E8CA3D76FB4B583B3FF97D1F99828F33CAD445B22020147BF9079F59.exe

Resource

win10v2004-20240709-en

smokeloader pub1 aspackv2 backdoor discovery trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Targets

- Target
  
  C5665332E8CA3D76FB4B583B3FF97D1F99828F33CAD445B22020147BF9079F59.exe
- Size
  
  240KB
- MD5
  
  a33cb61ca6fee0992ee687c25b00824e
- SHA1
  
  24247924ca5a5e7caf133c198cf52fcd831bd0e0
- SHA256
  
  6861cdee1ee282ee8c69e31503d95291409907d8b27538f8082adb00205ad105
- SHA512
  
  57f4976bc649d3998f65524095d2997bd3dccb48ce35300162d253398428004479007e528857d349c030a962a7c57432bedb474cfb9bb9bd519d1be0ead884cc
- SSDEEP
  
  1536:ldKpi5tbTqAdAGkDf+HrN0OjisNkafiw4CpYKxgTr45lGZDvGzMIfGCq2iW7z:ldKpiAIjisWdCeKxgY5lGZzGwqGCH
Score

10^/10

smokeloader pub1 aspackv2 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

smokeloaderpub1aspackv2backdoordiscoverytrojan

behavioral2

smokeloaderpub1aspackv2backdoordiscoverytrojan

© 2018-2024

Terms | Privacy