smokeloader | c390f1f12cf19aa6e9cd4745f24453f6321e5baaa061e6af1769aa90e8e86fe4 | Triage

Sharing

General

Target

d92882345373d476c839231ec52d8047.exe
Size

32KB
Sample

201222-bv371xmca6
MD5

d92882345373d476c839231ec52d8047
SHA1

5dc2c5996e4570feb0ea9ba323c8c8bb07d1a889
SHA256

c390f1f12cf19aa6e9cd4745f24453f6321e5baaa061e6af1769aa90e8e86fe4
SHA512

a198d70b9f6820bef83d3ef59bb36ce994d8a0bd1b93d79063843bbe1ade5a05c6651ccf6172ecd39b1dcbe7e0ee30384570907bba03010cc8ee57881aac48f1

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2018

C2

http://vipengland.com/2/

rc4.i32

rc4.i32

Targets

- Target
  
  d92882345373d476c839231ec52d8047.exe
- Size
  
  32KB
- MD5
  
  d92882345373d476c839231ec52d8047
- SHA1
  
  5dc2c5996e4570feb0ea9ba323c8c8bb07d1a889
- SHA256
  
  c390f1f12cf19aa6e9cd4745f24453f6321e5baaa061e6af1769aa90e8e86fe4
- SHA512
  
  a198d70b9f6820bef83d3ef59bb36ce994d8a0bd1b93d79063843bbe1ade5a05c6651ccf6172ecd39b1dcbe7e0ee30384570907bba03010cc8ee57881aac48f1
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan