Overview

overview

10

Static

static

3

3a8a23649c...42.exe

windows7-x64

10

3a8a23649c...42.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3a8a23649cd1b6dbd51d7281ded6f78fcc7389af0ecafb649d946160362d5c42

  • Size

    1.2MB

  • Sample

    241110-flqdjatjdl

  • MD5

    676fa6c0b0bf77367c56e1fb47602dd6

  • SHA1

    9f92ddf0ffbdfdeb0b0a13dbf86b919787338dd9

  • SHA256

    3a8a23649cd1b6dbd51d7281ded6f78fcc7389af0ecafb649d946160362d5c42

  • SHA512

    2208eafa46f3a45d4aaa1b2d12f0be73983f55fccd74f2e251d6618820c36e899476f767739b047b43dc4db897edebf5403a8eba6d4e026408570cb9281c1157

  • SSDEEP

    24576:afMj2ySKSGwX8y6tXb46o0B6n6LM0jSENslBY:afqOhhXh76oyiWL2lBY

Score
10/10
smokeloaderblyoon1backdoordiscoverytrojan

Malware Config

Extracted

Family

smokeloader

Botnet

oon1

Extracted

Family

smokeloader

Botnet

bly

Targets

    • Target

      3a8a23649cd1b6dbd51d7281ded6f78fcc7389af0ecafb649d946160362d5c42

    • Size

      1.2MB

    • MD5

      676fa6c0b0bf77367c56e1fb47602dd6

    • SHA1

      9f92ddf0ffbdfdeb0b0a13dbf86b919787338dd9

    • SHA256

      3a8a23649cd1b6dbd51d7281ded6f78fcc7389af0ecafb649d946160362d5c42

    • SHA512

      2208eafa46f3a45d4aaa1b2d12f0be73983f55fccd74f2e251d6618820c36e899476f767739b047b43dc4db897edebf5403a8eba6d4e026408570cb9281c1157

    • SSDEEP

      24576:afMj2ySKSGwX8y6tXb46o0B6n6LM0jSENslBY:afqOhhXh76oyiWL2lBY

    Score
    10/10
    smokeloaderblyoon1backdoordiscoverytrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Smokeloader family

      smokeloader

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks