smokeloader | 67676f9f16c16f93081c5a3fb5fe4e055629a00770ef9fea2bfc9be6135bc9e1 | Triage

Submit
Reports

Overview

overview

Static

static

3

ccf4e08158...88.exe

windows7-x64

ccf4e08158...88.exe

windows10-2004-x64

Sharing

General

Target

e5548ec332e4470d061a31561027c718.bin
Size

162KB
Sample

240726-d3f53sxbnb
MD5

2b611d131b138d017b8b8bb34a0d56e6
SHA1

5e3a754994888c384fb0aee471f0c2e39f10b29c
SHA256

67676f9f16c16f93081c5a3fb5fe4e055629a00770ef9fea2bfc9be6135bc9e1
SHA512

c466c36d1541b53d4d0bf35d9a82c7d647a2243744613baf99debba5dab670b2f808257f0e79aaae7f98b624f55f0fd0b240e8e99268ef3e9c619b0ffa8f3f1f
SSDEEP

3072:DTzmqN8TP1xJBHUbbYivMFyyeF+35Ztwkrymm8+bKLDQYqO1eFM7xU:OP1zB0oiEFzeFkBrA8+GD9qRFWxU

Score

10^/10

smokeloader pub1 aspackv2 backdoor discovery trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ccf4e081582226315f3a2bc171b604e3911d0225cc85e18188872ea9832a5388.exe

Resource

win7-20240708-en

smokeloader pub1 aspackv2 backdoor discovery trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

ccf4e081582226315f3a2bc171b604e3911d0225cc85e18188872ea9832a5388.exe

Resource

win10v2004-20240709-en

smokeloader pub1 aspackv2 backdoor discovery trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Targets

- Target
  
  ccf4e081582226315f3a2bc171b604e3911d0225cc85e18188872ea9832a5388.exe
- Size
  
  269KB
- MD5
  
  e5548ec332e4470d061a31561027c718
- SHA1
  
  5f9faf3fa8bd99395e9ddae8e4df0972994b559c
- SHA256
  
  ccf4e081582226315f3a2bc171b604e3911d0225cc85e18188872ea9832a5388
- SHA512
  
  072063f4584207cf0bfcded8b268e43c130b828d236a1395c8553792cd175f88164231b7deabceea31d74aef6bc6c046093feaf266014a60cfa8bc6c042c6ff0
- SSDEEP
  
  6144:Cqu56vuDheY0/giQp4FgWD3QzwQmIkTEkZ27oU:C6vuFb0/gu+WDgsvLk
Score

10^/10

smokeloader pub1 aspackv2 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

smokeloaderpub1aspackv2backdoordiscoverytrojan

behavioral2

smokeloaderpub1aspackv2backdoordiscoverytrojan

© 2018-2024

Terms | Privacy