General

  • Target

    f007fa80d9496d0fd351afb756a9c256_JaffaCakes118

  • Size

    208KB

  • Sample

    240921-r76s7aybkq

  • MD5

    f007fa80d9496d0fd351afb756a9c256

  • SHA1

    3793c64986b83e4e44bc357fe724181850f859d2

  • SHA256

    0290900d41e52bfbd0da4ce6855e4588989b5d042a1bce48b6e79490590fc8cd

  • SHA512

    cc3f2f674bb93b8e751001f1cce7fbf4a3da7585346512fd723b5c8c81877f41e6f83d87010bfd0441c4e76a312e68f71266f86f2af9d3827f0db73d5cc687a7

  • SSDEEP

    3072:817tiahkBK1KoPMlXd/HrElouMNqYDhWMmnVoCYWeE:86aiBK1jP4NzElRMNq8hWBA9

Malware Config

  • Extracted

    Family: smokeloader
    Botnet: VgU

  • Extracted

    Family: smokeloader
    Version: 2018
    C2: http://klub11n.se/kp/
    rc4.i32
    rc4.i32

Targets

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext
