Analysis

  • max time kernel
    56s
  • max time network
    56s
  • platform
    windows7_x64
  • resource
    win7
  • submitted
    17/06/2020, 16:17 UTC

General

  • Target

    2c99759a02ca32d1a7e8afa09130633f.exe

  • Size

    237KB

  • MD5

    2c99759a02ca32d1a7e8afa09130633f

  • SHA1

    ddf98971664eb7b554c86b4ab2e2ba7d469f893c

  • SHA256

    b65806521aa662bff2c655c8a7a3b6c8e598d709e35f3390df880a70c3fded40

  • SHA512

    89df4e78c583f409beb3dde03a4e439ba52676dc8ecacd02271d2c30e3fc151c677446652cb7ec7a080c4c00dfc80d63fbdfb369b25deace1752d77b93310dcc

Malware Config

Extracted

Family

smokeloader

Version

2018

C2

http://ukcompany.me/

http://ukcompany.pw/

http://ukcompany.top/

Keys

rc4.i32
0xfbe19e4e

rc4.i32
0x0c9944c2
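The rc4.i32 entries above are the keys the config extractor recovered alongside the C2 list. As an added example (not the sandbox's output and not code from the sample), the Python below shows how a practitioner would put such keys to use: it assumes the cipher is standard RC4 and that the 32-bit value is used as a 4-byte little-endian key, tries every configured key against an encrypted string, and keeps only candidates that decrypt to a printable http(s) URL. Because the page carries no ciphertext, the input is constructed by encrypting one of the listed C2 URLs first; whether this sample's RC4 variant and key byte order match these assumptions has to be confirmed against the binary.

```python
import struct

# Keys exactly as listed in the extracted config on this page (rc4.i32 entries).
RC4_KEYS_I32 = [0xFBE19E4E, 0x0C9944C2]


def i32_key_bytes(key: int) -> bytes:
    # ASSUMPTION: the 32-bit config value is fed to RC4 as 4 little-endian bytes.
    return struct.pack("<I", key)


def rc4(key: bytes, data: bytes) -> bytes:
    """Standard RC4 (KSA + PRGA). Encrypt and decrypt are the same operation."""
    if not key:
        raise ValueError("RC4 key must not be empty")
    S = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:                         # pseudo-random generation + XOR
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def decrypt_c2_candidates(blob: bytes, keys=RC4_KEYS_I32) -> list:
    """Try each configured key; return (key, url) pairs that decode as http(s) URLs."""
    hits = []
    for k in keys:
        plain = rc4(i32_key_bytes(k), blob)
        try:
            text = plain.decode("ascii")
        except UnicodeDecodeError:
            continue                          # wrong key: high-entropy garbage
        if text.isprintable() and text.startswith(("http://", "https://")):
            hits.append((k, text))
    return hits


def demo() -> list:
    # Constructed input: encrypt the page's first C2 URL under the first key,
    # then recover it without knowing which key was used.
    blob = rc4(i32_key_bytes(RC4_KEYS_I32[0]), b"http://ukcompany.me/")
    return decrypt_c2_candidates(blob)


if __name__ == "__main__":
    for key, url in demo():
        print(f"0x{key:08x} -> {url}")
```

The key-trial loop is what matters in practice: a config extractor usually reports every RC4 key it sees, and a string that fails to decrypt under one key often decrypts under the other, so filtering on a plausible plaintext shape (printable, URL-like) is more reliable than assuming key order.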

Signatures

  • Suspicious behavior: MapViewOfSection (2 IoCs)
  • Maps connected drives based on registry (3 TTPs, 2 IoCs)

    Disk information is often read in order to detect sandboxing environments.

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2c99759a02ca32d1a7e8afa09130633f.exe
    "C:\Users\Admin\AppData\Local\Temp\2c99759a02ca32d1a7e8afa09130633f.exe"
    1⤵
    • Suspicious behavior: MapViewOfSection
    • Maps connected drives based on registry
    PID:240

Network

  • 239.255.255.250:1900
    966 B
    6

    The only recorded traffic is SSDP multicast discovery to 239.255.255.250:1900, which a Windows host emits on its own; no connection to any of the extracted C2 hosts was observed during the 56 s run. Absence of C2 traffic in a run this short does not establish that the domains were inactive.
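Separating sandbox background noise such as the SSDP flow above from traffic that actually touches the extracted C2 list is a routine step when reading these reports. The Python below is an added example, not part of the report or of any sandbox's code: it derives hostnames from the page's three C2 URLs, buckets each observed flow as SSDP noise, other local noise, a C2 match, or other, and treats any subdomain of a C2 host as a match. Only the first observed row mirrors this report; the remaining rows, the 192.0.2.x and 198.51.100.x addresses, and the hostnames other than the C2s are constructed to exercise each branch.

```python
import ipaddress
from urllib.parse import urlparse

# C2 URLs exactly as listed in the extracted config on this page.
C2_URLS = ["http://ukcompany.me/", "http://ukcompany.pw/", "http://ukcompany.top/"]

# Constructed observations: (dst_ip, dst_port, proto, resolved_host_or_None).
# Only the first row reflects this report; the others are made up for illustration.
OBSERVED = [
    ("239.255.255.250", 1900, "udp", None),
    ("192.0.2.10", 80, "tcp", "ukcompany.top"),
    ("192.0.2.11", 80, "tcp", "cdn.ukcompany.top"),
    ("198.51.100.7", 443, "tcp", "update.example.net"),
    ("127.0.0.1", 5357, "tcp", None),
]


def c2_hostnames(urls) -> frozenset:
    """Lower-cased hostnames from the config URLs; a URL without a host is an error."""
    hosts = set()
    for u in urls:
        h = urlparse(u).hostname
        if not h:
            raise ValueError(f"no hostname in C2 URL {u!r}")
        hosts.add(h.lower())
    return frozenset(hosts)


def classify(dst_ip, dst_port, proto, host, c2) -> str:
    ip = ipaddress.ip_address(dst_ip)
    if ip.is_multicast and proto == "udp" and dst_port == 1900:
        return "ssdp-noise"       # Windows' own SSDP discovery, not sample-attributable
    if ip.is_multicast or ip.is_loopback or ip.is_link_local:
        return "local-noise"      # other host-local chatter
    if host:
        h = host.lower()
        if h in c2 or any(h.endswith("." + c) for c in c2):
            return "c2-match"     # exact C2 host or one of its subdomains
    return "other"


def triage(observed=OBSERVED, urls=C2_URLS) -> dict:
    """Bucket flows; the report reads 'no C2 contact' exactly when c2-match is empty."""
    c2 = c2_hostnames(urls)
    buckets = {"ssdp-noise": [], "local-noise": [], "c2-match": [], "other": []}
    for ip, port, proto, host in observed:
        buckets[classify(ip, port, proto, host, c2)].append((ip, port, proto, host))
    return buckets


if __name__ == "__main__":
    for bucket, flows in triage().items():
        print(bucket, flows)
```

Run against only the flow this report shows, the result has an empty c2-match bucket, which is the same conclusion as the Network section above; the "other" bucket is where anything worth a second look would surface.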

MITRE ATT&CK Enterprise v6


Downloads

  • memory/240-0-0x0000000000290000-0x00000000002A5000-memory.dmp

    Filesize

    84KB

  • memory/1208-2-0x0000000004D60000-0x0000000004D61000-memory.dmp

    Filesize

    4KB

    The second dump was taken from PID 1208, which is not the submitted process (PID 240) and is not named in the process tree above; it is the only trace on this page of activity outside the sample's own process.
