smokeloader | 464998f5bf7c3490936b638d9b6431813aebc947080efe2dc6eb5a495588abab | Triage

Sharing

General

Target

5cd77b95_extracted
Size

34KB
Sample

210304-xkmq8l49ex
MD5

e21003354956dac75332fe47f41edce3
SHA1

2c24803bc69bc42d4cc04e8e238b88706a0e9fa7
SHA256

464998f5bf7c3490936b638d9b6431813aebc947080efe2dc6eb5a495588abab
SHA512

f4bf4fde08a2dbc12399c20131a24f656a71774674ac74b9a79911d67423b903fff0b35da19a0ff544f3145169f7a5ac378d706d1aa3ec364fd2237743feb679

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://lookupsky.net/

rc4.i32

rc4.i32

Targets

- Target
  
  5cd77b95_extracted
- Size
  
  34KB
- MD5
  
  e21003354956dac75332fe47f41edce3
- SHA1
  
  2c24803bc69bc42d4cc04e8e238b88706a0e9fa7
- SHA256
  
  464998f5bf7c3490936b638d9b6431813aebc947080efe2dc6eb5a495588abab
- SHA512
  
  f4bf4fde08a2dbc12399c20131a24f656a71774674ac74b9a79911d67423b903fff0b35da19a0ff544f3145169f7a5ac378d706d1aa3ec364fd2237743feb679
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan