smokeloader | 53bcd8239258dcbb10f9d3b6d057103c18fe3dd614c5809053426b01b741500d | Triage

Submit
Reports

Overview

overview

Static

static

3

53bcd82392...0d.exe

windows7-x64

53bcd82392...0d.exe

windows10-2004-x64

Sharing

General

Target

53bcd8239258dcbb10f9d3b6d057103c18fe3dd614c5809053426b01b741500d.exe
Size

270KB
Sample

240725-df4ymavbjr
MD5

49d7edc4f51e03058654bdaffdfe9992
SHA1

8f6831a72019f1361e1174e1dbaa00113a034618
SHA256

53bcd8239258dcbb10f9d3b6d057103c18fe3dd614c5809053426b01b741500d
SHA512

05795d5a19f24bd6a14a8942730e588d5a5ef5b186d3f65ed3821efeb9d0e29c49352867bf8d8d7bc933f3f5356b55d40dd2e39080847d564bf0c24afd7a36d7
SSDEEP

6144:SzrS9ZldfBpR/xV/tlTUEuA38xplKK9/2Y/Um4voF:ScdfBpR/xV/tuTa85K4JU

Score

10^/10

smokeloader pub1 aspackv2 backdoor discovery trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

53bcd8239258dcbb10f9d3b6d057103c18fe3dd614c5809053426b01b741500d.exe

Resource

win7-20240705-en

smokeloader pub1 aspackv2 backdoor discovery trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

53bcd8239258dcbb10f9d3b6d057103c18fe3dd614c5809053426b01b741500d.exe

Resource

win10v2004-20240709-en

smokeloader pub1 aspackv2 backdoor discovery trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Targets

- Target
  
  53bcd8239258dcbb10f9d3b6d057103c18fe3dd614c5809053426b01b741500d.exe
- Size
  
  270KB
- MD5
  
  49d7edc4f51e03058654bdaffdfe9992
- SHA1
  
  8f6831a72019f1361e1174e1dbaa00113a034618
- SHA256
  
  53bcd8239258dcbb10f9d3b6d057103c18fe3dd614c5809053426b01b741500d
- SHA512
  
  05795d5a19f24bd6a14a8942730e588d5a5ef5b186d3f65ed3821efeb9d0e29c49352867bf8d8d7bc933f3f5356b55d40dd2e39080847d564bf0c24afd7a36d7
- SSDEEP
  
  6144:SzrS9ZldfBpR/xV/tlTUEuA38xplKK9/2Y/Um4voF:ScdfBpR/xV/tuTa85K4JU
Score

10^/10

smokeloader pub1 aspackv2 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

smokeloaderpub1aspackv2backdoordiscoverytrojan

behavioral2

smokeloaderpub1aspackv2backdoordiscoverytrojan

© 2018-2024

Terms | Privacy