General

  • Target

    ec6e4b29c17f3a67c6a750ea32ed05cf_JaffaCakes118

  • Size

    196KB

  • Sample

    240919-3yh7baybkn

  • MD5

    ec6e4b29c17f3a67c6a750ea32ed05cf

  • SHA1

    7785993c160afd33a0cdd55fc8321ccbd14ae796

  • SHA256

    c81e9648f5cb972ee686bd3b7699405dce0657fcefedc55603d8bfcd5261476b

  • SHA512

    be99f1976ec4afac8b74e7053fb15da94d57f032e1de52a6a403b3f356d6cfc21480679e1ac02de79e57fb5667facade803723a0092f8e09b48a8f54f44cbe3c

  • SSDEEP

    3072:2KBxpWutCmcEdschYDZHoM8bmsisitP7:2KFlJAHYbvg7

Malware Config

Extracted

Family

smokeloader

Botnet

VgU

Extracted

Family

smokeloader

Version

2018

C2

http://biharmart.com/ip/

rc4.i32
rc4.i32

Targets

    • Target

      ec6e4b29c17f3a67c6a750ea32ed05cf_JaffaCakes118

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks