General

  • Target

    2b2648e45e2eb6c3bc0abcf773ff835f87c9ebdc364deecf89016d98b7092350

  • Size

    178KB

  • Sample

    250122-12nj4ayqar

  • MD5

    832d939c19d3c697dce236d075b478f7

  • SHA1

    3d23ff4463ec20d29befc3bcde43012035bfb2ed

  • SHA256

    2b2648e45e2eb6c3bc0abcf773ff835f87c9ebdc364deecf89016d98b7092350

  • SHA512

    6500ccde9d78f211fe3368505f8a8b0b3b78e2c92a9e3c2ddc36307e9d41502218563ef82304b5be265663ce84ee619cd11b7507c00447123ffd5aca767beb81

  • SSDEEP

    3072:sLL3KSPwEeRF8vKZps4hbyzYASfWEH5i28m6JZSIoyFYVtvys:sLL3KSPwXZpHhbyULLAXXNoy6x

Malware Config

  • Extracted

    Family

      smokeloader

    Botnet

      cece

  • Extracted

    Family

      smokeloader

    Version

      2018

    C2

      http://proxy-exe.bit/2/
      http://kiyanka.club/2/
      http://d3s1.me/2/

    rc4.i32

    rc4.i32

Targets

    • Target

      2b2648e45e2eb6c3bc0abcf773ff835f87c9ebdc364deecf89016d98b7092350

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Smokeloader family

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks