smokeloader | 597c1dff871d2d2391f1b73583d4f14fb384198b7d16d107925523ca44cdd8d2 | Triage

Sharing

General

Target

35f735c94eb255488a1109e23db5b83e.exe
Size

136KB
Sample

201229-qgwh4r6hhx
MD5

35f735c94eb255488a1109e23db5b83e
SHA1

a6ab1cbe6891f5523c2b0cd19302a5fd0209cca8
SHA256

597c1dff871d2d2391f1b73583d4f14fb384198b7d16d107925523ca44cdd8d2
SHA512

bde7f7954d17329275063fc3afd3ab77a60bc9db51172f215c1b0790981baa9c156364b2d737d20f1fafe43846bab8acf0300fd1293b9e8eb860719f298eb38c

Score

10^/10

smokeloader backdoor trojan upx

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://vtdilet.com/upload/

http://netvxi.com/upload/

http://tinnys.monster/upload/

rc4.i32

rc4.i32

Targets

- Target
  
  35f735c94eb255488a1109e23db5b83e.exe
- Size
  
  136KB
- MD5
  
  35f735c94eb255488a1109e23db5b83e
- SHA1
  
  a6ab1cbe6891f5523c2b0cd19302a5fd0209cca8
- SHA256
  
  597c1dff871d2d2391f1b73583d4f14fb384198b7d16d107925523ca44cdd8d2
- SHA512
  
  bde7f7954d17329275063fc3afd3ab77a60bc9db51172f215c1b0790981baa9c156364b2d737d20f1fafe43846bab8acf0300fd1293b9e8eb860719f298eb38c
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan