smokeloader | 34ddcf76eaab0ce9d00cc121ada77e5c2b8ad4a89475a20839ab2f7971d1ca80 | Triage

Submit
Reports

Overview

overview

Static

static

478f10e078...61.rtf

windows7_x64

478f10e078...61.rtf

windows10_x64

1

Sharing

General

Target

478f10e0783a32a7a31258ec48752661.rtf
Size

1.3MB
Sample

201211-8nevq1wmyx
MD5

478f10e0783a32a7a31258ec48752661
SHA1

fa243c063ffeee90057a8eb0427adaa018f96280
SHA256

34ddcf76eaab0ce9d00cc121ada77e5c2b8ad4a89475a20839ab2f7971d1ca80
SHA512

7cac616bf90df54e6d0656f6919996c94995184c9ef681c8c692e6ed120a84254e41f2154bf1fec4571cc51a6f54c7f67db13e807f8c80eaa6b53bfdc7ab4fae

Score

10^/10

smokeloader backdoor trojan

Static task

static1

Behavioral task

behavioral1

Sample

478f10e0783a32a7a31258ec48752661.rtf

Resource

win7v20201028

smokeloader backdoor trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

478f10e0783a32a7a31258ec48752661.rtf

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

smokeloader

Version

2018

C2

http://perkyplay.com/z/

rc4.i32

rc4.i32

Targets

- Target
  
  478f10e0783a32a7a31258ec48752661.rtf
- Size
  
  1.3MB
- MD5
  
  478f10e0783a32a7a31258ec48752661
- SHA1
  
  fa243c063ffeee90057a8eb0427adaa018f96280
- SHA256
  
  34ddcf76eaab0ce9d00cc121ada77e5c2b8ad4a89475a20839ab2f7971d1ca80
- SHA512
  
  7cac616bf90df54e6d0656f6919996c94995184c9ef681c8c692e6ed120a84254e41f2154bf1fec4571cc51a6f54c7f67db13e807f8c80eaa6b53bfdc7ab4fae
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

© 2018-2024

Terms | Privacy