smokeloader | 9abc00865e3487cfa3e4f41ec68082c292cba5690f96e53c8c2818a58c64493e | Triage

Sharing

General

Target

200617-9p3dsew1sj_pw_infected.zip
Size

29KB
Sample

200617-rjh6akv952
MD5

72b195745e462b2ac7eb33093b291b97
SHA1

f0dbfeb0b7d25228909878495cb721b91044e1ca
SHA256

9abc00865e3487cfa3e4f41ec68082c292cba5690f96e53c8c2818a58c64493e
SHA512

3abc259532eacf05e6766d67e8523bed71b6f8602b6541e4b05214368322bae70499640df8c86fc776b9a6095ed9d6560a29537fd0a0317a0561b50a4328eb22

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2018

C2

http://185.35.137.147/mlp/

rc4.i32

rc4.i32

Targets

- Target
  
  3cb9e63f6f46eefcb7747a42117b2a28
- Size
  
  32KB
- MD5
  
  3cb9e63f6f46eefcb7747a42117b2a28
- SHA1
  
  a9c5a3cba0ed357520a27116e98986abacffd76b
- SHA256
  
  418c7c294982186c2315c6a78524a38a6901310366261342952eea826d55927e
- SHA512
  
  1600db2fbaaca9726902c4d647e167dd4f337f013475357a80b853c650cbe9527984ea9cfd1b028ae6cb855070c6b29b8302bbaf0cd895db42e0ebbaf824ffda
Score

10^/10

trojan backdoor smokeloader
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

trojanbackdoorsmokeloader

behavioral2

trojanbackdoorsmokeloader