General

  • Target

    c3215f05833a9b020d913e1c707adb84_JaffaCakes118

  • Size

    136KB

  • Sample

    240826-q5plfsxakh

  • MD5

    c3215f05833a9b020d913e1c707adb84

  • SHA1

    6b158e4c4de3fca8a8649cf283c756a85bd7b8d6

  • SHA256

    02ff4180fb0f7f8f1f91d2a8e9f74015aebdbec13530ad1b5d88b7d5071db5dc

  • SHA512

    5a4f1b09930572750b00d3b6bbebd0f550f2faafa52bb8d1443ca48a112639b6846b89be6ed5014eddd2eecf3b371bad209cad592417b1f7f7f3eb2e3efb4f79

  • SSDEEP

    3072:rESi00FPKlVi3yb2H0WbjAgONB6DC4oPBNbHY:rZ0FS/ON9bjWNw+4kx

Malware Config

  • Extracted

    • Family

      smokeloader

    • Botnet

      cece

  • Extracted

    • Family

      smokeloader

    • Version

      2018

    • C2

      http://proxy-exe.bit/2/

      http://kiyanka.club/2/

      http://d3s1.me/2/

    • rc4.i32

    • rc4.i32

Targets

    • Target

      c3215f05833a9b020d913e1c707adb84_JaffaCakes118

    • Size

      136KB

    • MD5

      c3215f05833a9b020d913e1c707adb84

    • SHA1

      6b158e4c4de3fca8a8649cf283c756a85bd7b8d6

    • SHA256

      02ff4180fb0f7f8f1f91d2a8e9f74015aebdbec13530ad1b5d88b7d5071db5dc

    • SHA512

      5a4f1b09930572750b00d3b6bbebd0f550f2faafa52bb8d1443ca48a112639b6846b89be6ed5014eddd2eecf3b371bad209cad592417b1f7f7f3eb2e3efb4f79

    • SSDEEP

      3072:rESi00FPKlVi3yb2H0WbjAgONB6DC4oPBNbHY:rZ0FS/ON9bjWNw+4kx

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks