smokeloader | 1787e55bf83badaebc0f11ba919c1ae28afd3e14dc597d1336167320af4f231d | Triage

Sharing

General

Target

1146886288d7137abf2230b6332f0875.exe
Size

136KB
Sample

201229-fybcwnyb6s
MD5

1146886288d7137abf2230b6332f0875
SHA1

305f9c6511848a9c8c9d0052eb3612b6a250e67d
SHA256

1787e55bf83badaebc0f11ba919c1ae28afd3e14dc597d1336167320af4f231d
SHA512

42746a162abcc0e57f0b774dd6c1822e2b805f0bf9a8c9f751f09f02bc7c6b751bc52b9bc577604b7344ce80409c8080e69c510ed67b4a30e8e4e7d5110bbe04

Score

10^/10

smokeloader backdoor trojan upx

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://vtdilet.com/upload/

http://netvxi.com/upload/

http://tinnys.monster/upload/

rc4.i32

rc4.i32

Targets

- Target
  
  1146886288d7137abf2230b6332f0875.exe
- Size
  
  136KB
- MD5
  
  1146886288d7137abf2230b6332f0875
- SHA1
  
  305f9c6511848a9c8c9d0052eb3612b6a250e67d
- SHA256
  
  1787e55bf83badaebc0f11ba919c1ae28afd3e14dc597d1336167320af4f231d
- SHA512
  
  42746a162abcc0e57f0b774dd6c1822e2b805f0bf9a8c9f751f09f02bc7c6b751bc52b9bc577604b7344ce80409c8080e69c510ed67b4a30e8e4e7d5110bbe04
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan