Overview

overview

10

Static

static

1

SecuriteIn...38.exe

windows7-x64

10

SecuriteIn...38.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Win32.Evo-gen.21074.1738.exe

  • Size

    2.8MB

  • Sample

    240727-rqqewawgmg

  • MD5

    3aaf8d9e76ff8863048dde031d10b212

  • SHA1

    7140ba74a551db5b774b2396a12162bfa7e69e55

  • SHA256

    e1ad28fc14d831e1d7f4dbe2aabb8abe360f7d10928f8abc30ef66b04e8a8f6d

  • SHA512

    8ec6f92017927d6fcab11ac46033d4b34ec3cfc64e780e79aa452e6e5258d6004c394d63ddbab3c40e1803a58fd6d9c253ec36fd07d02936f69bfcb5ea99efa4

  • SSDEEP

    49152:6Wd+ztjZhFq/4hQP6RmdecW8yZQvjT88cKKitPpQjShi10dahpmruj5VbLZaZu:Ql8cITf8oVrOdgu

Score
10/10
smokeloaderbackdoordiscoveryevasiontrojan

Malware Config

Targets

    • Target

      SecuriteInfo.com.Win32.Evo-gen.21074.1738.exe

    • Size

      2.8MB

    • MD5

      3aaf8d9e76ff8863048dde031d10b212

    • SHA1

      7140ba74a551db5b774b2396a12162bfa7e69e55

    • SHA256

      e1ad28fc14d831e1d7f4dbe2aabb8abe360f7d10928f8abc30ef66b04e8a8f6d

    • SHA512

      8ec6f92017927d6fcab11ac46033d4b34ec3cfc64e780e79aa452e6e5258d6004c394d63ddbab3c40e1803a58fd6d9c253ec36fd07d02936f69bfcb5ea99efa4

    • SSDEEP

      49152:6Wd+ztjZhFq/4hQP6RmdecW8yZQvjT88cKKitPpQjShi10dahpmruj5VbLZaZu:Ql8cITf8oVrOdgu

    Score
    10/10
    smokeloaderbackdoordiscoveryevasiontrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks