Overview

overview

10

Static

static

smoke.exe

windows7_x64

10

smoke.exe

windows10_x64

10

Resubmissions

11-01-2023 13:54

230111-q71fqsdb89 10

27-08-2020 15:49

200827-v6tcrvw9es 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    smoke.exe

  • Size

    329KB

  • Sample

    200827-v6tcrvw9es

  • MD5

    5fc6f24d43bc7ca45a81d159291955d1

  • SHA1

    72fc3ce96bd9406215cec015d70bbb67318f1e23

  • SHA256

    fc20b03299b8ae91e72e104ee4f18e40125b2b061f1509d1c5b3f9fac3104934

  • SHA512

    b39488cfaec3bbe93fc4b22f92edfc3b2b729e6f75a472d722418b259fc9c74faae60f5126384dc242ba1b42300e60428c7c530982550625cd59e1684f7c9380

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Extracted

Family

smokeloader

Version

2019

C2

http://protest-01242505.tk/

http://test-service012505.ru.com/

http://test-service012505.pw/

http://test-service012505.com/

http://test-service012505.site/

http://test-service012505.store/

http://test-service01242505.ru/

http://mytest-service012505.ru/

http://test-service012505.su/

http://test-service012505.info/

http://test-service012505.net/

http://test-service012505.tech/

http://test-service012505.online/

http://rutest-service012505.ru/

http://test-service01dom2505.ru/

http://test-service012505.website/

http://test-service012505.xyz/

http://test-service01pro2505.ru/

http://test-service01rus2505.ru/

http://test-service012505.eu/
rc4.i32
rc4.i32

Targets

    • Target

      smoke.exe

    • Size

      329KB

    • MD5

      5fc6f24d43bc7ca45a81d159291955d1

    • SHA1

      72fc3ce96bd9406215cec015d70bbb67318f1e23

    • SHA256

      fc20b03299b8ae91e72e104ee4f18e40125b2b061f1509d1c5b3f9fac3104934

    • SHA512

      b39488cfaec3bbe93fc4b22f92edfc3b2b729e6f75a472d722418b259fc9c74faae60f5126384dc242ba1b42300e60428c7c530982550625cd59e1684f7c9380

    Score
    10/10
    trojanbackdoorsmokeloader

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks