Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
SmokeLoader | The SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. The malware is delivered in a variety of ways and is broadly associated with criminal activity. The malware frequently tries to hide its C2 activity by generating requests to legitimate sites such as microsoft.com, bing.com, adobe.com, and others. Typically the actual Download returns an HTTP 404 but still contains data in the Response Body. |
|
|
AV Detection |
---|
Source: |
Malware Configuration Extractor: |
Source: |
Virustotal: |
Perma Link |
Source: |
URL Reputation: |
Source: |
Virustotal: |
Perma Link | ||
Source: |
Virustotal: |
Perma Link |
Source: |
ReversingLabs: |
|||
Source: |
Virustotal: |
Perma Link |
Source: |
Joe Sandbox ML: |
Source: |
Joe Sandbox ML: |
Source: |
Static PE information: |
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
Source: |
Code function: |
0_2_00403870 |
Networking |
---|
Source: |
Domain query: |
|||
Source: |
Domain query: |
|||
Source: |
Network Connect: |
Jump to behavior |
Source: |
URLs: |
||
Source: |
URLs: |
Source: |
ASN Name: |
Source: |
IP Address: |
Source: |
HTTP traffic detected: |
Source: |
String found in binary or memory: |
||
Source: |
String found in binary or memory: |
Source: |
HTTP traffic detected: |
Source: |
DNS traffic detected: |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |
Source: |
Binary or memory string: |
System Summary |
---|
Source: |
Matched rule: |
||
Source: |
Matched rule: |
||
Source: |
Matched rule: |
||
Source: |
Matched rule: |
||
Source: |
Matched rule: |
||
Source: |
Matched rule: |
Source: |
Static PE information: |
Source: |
Matched rule: |
||
Source: |
Matched rule: |
||
Source: |
Matched rule: |
||
Source: |
Matched rule: |
||
Source: |
Matched rule: |
||
Source: |
Matched rule: |
Source: |
Code function: |
0_2_004118DE | |
Source: |
Code function: |
0_2_0040A4AA | |
Source: |
Code function: |
0_2_0041251A | |
Source: |
Code function: |
0_2_004132E1 | |
Source: |
Code function: |
0_2_0041139A |
Source: |
Code function: |
Source: |
Code function: |
0_2_007F0110 | |
Source: |
Code function: |
1_2_0040180C | |
Source: |
Code function: |
1_2_00401818 | |
Source: |
Code function: |
1_2_00401822 | |
Source: |
Code function: |
1_2_00401826 | |
Source: |
Code function: |
1_2_00401834 | |
Source: |
Code function: |
5_2_00820110 | |
Source: |
Code function: |
6_2_0040180C | |
Source: |
Code function: |
6_2_00401818 | |
Source: |
Code function: |
6_2_00401822 | |
Source: |
Code function: |
6_2_00401826 | |
Source: |
Code function: |
6_2_00401834 |
Source: |
Section loaded: |
Jump to behavior | ||
Source: |
Section loaded: |
Jump to behavior | ||
Source: |
Section loaded: |
Jump to behavior | ||
Source: |
Section loaded: |
Jump to behavior | ||
Source: |
Section loaded: |
Jump to behavior | ||
Source: |
Section loaded: |
Jump to behavior | ||
Source: |
Section loaded: |
Jump to behavior | ||
Source: |
Section loaded: |
Jump to behavior | ||
Source: |
Section loaded: |
Jump to behavior | ||
Source: |
Section loaded: |
Jump to behavior | ||
Source: |
Section loaded: |
Jump to behavior |
Source: |
Static PE information: |
||
Source: |
Static PE information: |
Source: |
Virustotal: |
Source: |
Static PE information: |
Source: |
Key opened: |
Jump to behavior |
Source: |
Process created: |
|||
Source: |
Process created: |
|||
Source: |
Process created: |
|||
Source: |
Process created: |
|||
Source: |
Process created: |
Jump to behavior | ||
Source: |
Process created: |
Jump to behavior |
Source: |
Key value queried: |
Jump to behavior |
Source: |
File created: |
Jump to behavior |
Source: |
Classification label: |
Source: |
Command line argument: |
0_2_00403FE0 | |
Source: |
Command line argument: |
0_2_00403FE0 | |
Source: |
Command line argument: |
0_2_00403FE0 | |
Source: |
Command line argument: |
0_2_00403FE0 | |
Source: |
Command line argument: |
0_2_00403FE0 | |
Source: |
Command line argument: |
0_2_00403FE0 |
Source: |
File read: |
Jump to behavior | ||
Source: |
File read: |
Jump to behavior |
Source: |
Static PE information: |
||
Source: |
Static PE information: |
||
Source: |
Static PE information: |
||
Source: |
Static PE information: |
||
Source: |
Static PE information: |
||
Source: |
Static PE information: |
Source: |
Static PE information: |
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
Data Obfuscation |
---|
Source: |
Unpacked PE file: |
||
Source: |
Unpacked PE file: |
Source: |
Code function: |
0_2_0040745C | |
Source: |
Code function: |
0_2_00403771 | |
Source: |
Code function: |
0_2_007F19B7 | |
Source: |
Code function: |
0_2_007F19B7 | |
Source: |
Code function: |
0_2_007F19B7 | |
Source: |
Code function: |
1_2_00401217 | |
Source: |
Code function: |
1_2_00401217 | |
Source: |
Code function: |
1_2_00401217 | |
Source: |
Code function: |
5_2_008219B7 | |
Source: |
Code function: |
5_2_008219B7 | |
Source: |
Code function: |
5_2_008219B7 | |
Source: |
Code function: |
6_2_00401217 | |
Source: |
Code function: |
6_2_00401217 | |
Source: |
Code function: |
6_2_00401217 |
Source: |
Code function: |
0_2_0040D6B0 |
Source: |
Static PE information: |
||
Source: |
Static PE information: |
Source: |
File created: |
Jump to dropped file |
Source: |
File created: |
Jump to dropped file |
Hooking and other Techniques for Hiding and Protection |
---|
Source: |
File deleted: |
Jump to behavior |
Source: |
File opened: |
Jump to behavior |
Source: |
Process information set: |
Jump to behavior | ||
Source: |
Process information set: |
Jump to behavior | ||
Source: |
Process information set: |
Jump to behavior | ||
Source: |
Process information set: |
Jump to behavior | ||
Source: |
Process information set: |
Jump to behavior | ||
Source: |
Process information set: |
Jump to behavior | ||
Source: |
Process information set: |
Jump to behavior | ||
Source: |
Process information set: |
Jump to behavior | ||
Source: |
Process information set: |
Jump to behavior | ||
Source: |
Process information set: |
Jump to behavior | ||
Source: |
Process information set: |
Jump to behavior | ||
Source: |
Process information set: |
Jump to behavior |
Malware Analysis System Evasion |
---|
Source: |
Binary or memory string: |
Source: |
Key enumerated: |
Jump to behavior | ||
Source: |
Key enumerated: |
Jump to behavior | ||
Source: |
Key enumerated: |
Jump to behavior | ||
Source: |
Key enumerated: |
Jump to behavior | ||
Source: |
Key enumerated: |
Jump to behavior | ||
Source: |
Key enumerated: |
Jump to behavior | ||
Source: |
Key enumerated: |
Jump to behavior | ||
Source: |
Key enumerated: |
Jump to behavior | ||
Source: |
Key enumerated: |
Jump to behavior | ||
Source: |
Key enumerated: |
Jump to behavior | ||
Source: |
Key enumerated: |
Jump to behavior | ||
Source: |
Key enumerated: |
Jump to behavior |
Source: |
Thread sleep count: |
Jump to behavior | ||
Source: |
Thread sleep count: |
Jump to behavior | ||
Source: |
Thread sleep time: |
Jump to behavior | ||
Source: |
Thread sleep count: |
Jump to behavior | ||
Source: |
Thread sleep time: |
Jump to behavior | ||
Source: |
Thread sleep count: |
Jump to behavior | ||
Source: |
Thread sleep count: |
Jump to behavior | ||
Source: |
Thread sleep count: |
Jump to behavior |
Source: |
Last function: |
||
Source: |
Last function: |
Source: |
Window / User API: |
Jump to behavior | ||
Source: |
Window / User API: |
Jump to behavior | ||
Source: |
Window / User API: |
Jump to behavior | ||
Source: |
Window / User API: |
Jump to behavior |
Source: |
Process information queried: |
Jump to behavior |
Source: |
Code function: |
0_2_00403870 |
Source: |
System information queried: |
Jump to behavior |
Source: |
Binary or memory string: |
||
Source: |
Binary or memory string: |
||
Source: |
Binary or memory string: |
||
Source: |
Binary or memory string: |
||
Source: |
Binary or memory string: |
||
Source: |
Binary or memory string: |
||
Source: |
Binary or memory string: |
Anti Debugging |
---|
Source: |
System information queried: |
Jump to behavior | ||
Source: |
System information queried: |
Jump to behavior |
Source: |
Code function: |
0_2_0040533B |
Source: |
Code function: |
0_2_0040D6B0 |
Source: |
Code function: |
0_2_007F0042 | |
Source: |
Code function: |
5_2_00820042 |
Source: |
Process queried: |
Jump to behavior | ||
Source: |
Process queried: |
Jump to behavior |
Source: |
Code function: |
0_2_004084CF | |
Source: |
Code function: |
0_2_0040D9F8 | |
Source: |
Code function: |
0_2_0040533B | |
Source: |
Code function: |
0_2_004063C4 |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: |
File created: |
Jump to dropped file |
Source: |
Domain query: |
|||
Source: |
Domain query: |
|||
Source: |
Network Connect: |
Jump to behavior |
Source: |
Section loaded: |
Jump to behavior | ||
Source: |
Section loaded: |
Jump to behavior | ||
Source: |
Section loaded: |
Jump to behavior | ||
Source: |
Section loaded: |
Jump to behavior |
Source: |
Memory written: |
Jump to behavior | ||
Source: |
Memory written: |
Jump to behavior |
Source: |
Code function: |
0_2_007F0110 |
Source: |
Thread created: |
Jump to behavior | ||
Source: |
Thread created: |
Jump to behavior |
Source: |
Process created: |
Jump to behavior | ||
Source: |
Process created: |
Jump to behavior |
Source: |
Binary or memory string: |
||
Source: |
Binary or memory string: |
||
Source: |
Binary or memory string: |
||
Source: |
Binary or memory string: |
||
Source: |
Binary or memory string: |
Source: |
Code function: |
0_2_00410F37 |
Source: |
Code function: |
0_2_0040963C |
Source: |
Code function: |
0_2_00403870 |
Stealing of Sensitive Information |
---|
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |
Remote Access Functionality |
---|
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |
||
Source: |
File source: |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
194.50.153.68 | host-file-host6.com | United Kingdom | 198526 | GAZ-IS-ASRU | true |
Name | IP | Active |
---|---|---|
host-file-host6.com | 194.50.153.68 | true |
host-host-file8.com | unknown | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
|
unknown | |
true |
|
unknown |