Overview

overview

10

Static

static

3

95f8875128...24.exe

windows7-x64

10

95f8875128...24.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    95f88751283272061f2825423adee58354d94fa06148ccd658010707487ef724

  • Size

    2.5MB

  • Sample

    241107-tccb7sxpbp

  • MD5

    d718ccb9736375a58e85e65f37ac6e44

  • SHA1

    9ef2ae9c5ee182af47e51e3e0304e331911a5685

  • SHA256

    95f88751283272061f2825423adee58354d94fa06148ccd658010707487ef724

  • SHA512

    d4718337dd8ab9cd78e87331a6ab12e82bad655e39f1c6f47ff388ce2f280694448fab88a457c68df5c30891884f4d47947ccedf153d85c49923bdaafccd2e41

  • SSDEEP

    49152:fNnW8yZQvjT88cKCsZTVaPpQjShi10dahpmruj5VbLZqUlH:f2l8ckqf8oVrOdqUlH

Score
10/10
smokeloaderbackdoordiscoveryevasiontrojan

Malware Config

Targets

    • Target

      95f88751283272061f2825423adee58354d94fa06148ccd658010707487ef724

    • Size

      2.5MB

    • MD5

      d718ccb9736375a58e85e65f37ac6e44

    • SHA1

      9ef2ae9c5ee182af47e51e3e0304e331911a5685

    • SHA256

      95f88751283272061f2825423adee58354d94fa06148ccd658010707487ef724

    • SHA512

      d4718337dd8ab9cd78e87331a6ab12e82bad655e39f1c6f47ff388ce2f280694448fab88a457c68df5c30891884f4d47947ccedf153d85c49923bdaafccd2e41

    • SSDEEP

      49152:fNnW8yZQvjT88cKCsZTVaPpQjShi10dahpmruj5VbLZqUlH:f2l8ckqf8oVrOdqUlH

    Score
    10/10
    smokeloaderbackdoordiscoveryevasiontrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Smokeloader family

      smokeloader

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks