smokeloader

General

Target

smoke.exe
Size

329KB
Sample

200827-v6tcrvw9es
MD5

5fc6f24d43bc7ca45a81d159291955d1
SHA1

72fc3ce96bd9406215cec015d70bbb67318f1e23
SHA256

fc20b03299b8ae91e72e104ee4f18e40125b2b061f1509d1c5b3f9fac3104934
SHA512

b39488cfaec3bbe93fc4b22f92edfc3b2b729e6f75a472d722418b259fc9c74faae60f5126384dc242ba1b42300e60428c7c530982550625cd59e1684f7c9380

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Version

2019

C2

http://protest-01242505.tk/

http://test-service012505.ru.com/

http://test-service012505.pw/

http://test-service012505.com/

http://test-service012505.site/

http://test-service012505.store/

http://test-service01242505.ru/

http://mytest-service012505.ru/

http://test-service012505.su/

http://test-service012505.info/

http://test-service012505.net/

http://test-service012505.tech/

http://test-service012505.online/

http://rutest-service012505.ru/

http://test-service01dom2505.ru/

http://test-service012505.website/

http://test-service012505.xyz/

http://test-service01pro2505.ru/

http://test-service01rus2505.ru/

http://test-service012505.eu/

rc4.i32

Targets

- Target
  
  smoke.exe
- Size
  
  329KB
- MD5
  
  5fc6f24d43bc7ca45a81d159291955d1
- SHA1
  
  72fc3ce96bd9406215cec015d70bbb67318f1e23
- SHA256
  
  fc20b03299b8ae91e72e104ee4f18e40125b2b061f1509d1c5b3f9fac3104934
- SHA512
  
  b39488cfaec3bbe93fc4b22f92edfc3b2b729e6f75a472d722418b259fc9c74faae60f5126384dc242ba1b42300e60428c7c530982550625cd59e1684f7c9380
Score

10^/10

trojan backdoor smokeloader
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2