smokeloader | 1fe7b1173849114448eca5f4fe5e1d02ba49df20f466519a700a8765f4774979 | Triage

Sharing

General

Target

200617-waj7s33qj2_pw_infected.zip
Size

53KB
Sample

200617-zw384za27a
MD5

4ec8f3b74bb56f6a7ba086e14d0c69f9
SHA1

aeb41575e2df48ea78012105868a12ccc31283f5
SHA256

1fe7b1173849114448eca5f4fe5e1d02ba49df20f466519a700a8765f4774979
SHA512

5ba36af2a133863e17acc4a1a2157bb41a6c04e6562e31368fabd637594127a3d09ff11d1d5acb4fa662b71e4fd9c4a12f6926c85d473ca4cf09a5e1ffd65a27

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2018

C2

http://ukcompany.me/

http://ukcompany.pw/

http://ukcompany.top/

rc4.i32

rc4.i32

Targets

- Target
  
  2c99759a02ca32d1a7e8afa09130633f
- Size
  
  237KB
- MD5
  
  2c99759a02ca32d1a7e8afa09130633f
- SHA1
  
  ddf98971664eb7b554c86b4ab2e2ba7d469f893c
- SHA256
  
  b65806521aa662bff2c655c8a7a3b6c8e598d709e35f3390df880a70c3fded40
- SHA512
  
  89df4e78c583f409beb3dde03a4e439ba52676dc8ecacd02271d2c30e3fc151c677446652cb7ec7a080c4c00dfc80d63fbdfb369b25deace1752d77b93310dcc
Score

10^/10

trojan backdoor smokeloader
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

trojanbackdoorsmokeloader

behavioral2

trojanbackdoorsmokeloader