smokeloader | fb2e2174a3ec526861932043c1aa5b5e62e3abed0bb73e88e495eab66635e758 | Triage

Resubmissions

29-03-2021 07:15

210329-ckntpd3l26 10

29-03-2021 07:06

210329-grqc5qt2g2 10

Sharing

General

Target

e0059c4ad73116bf0ea29d575ea2c175.exe
Size

162KB
Sample

210329-ckntpd3l26
MD5

e0059c4ad73116bf0ea29d575ea2c175
SHA1

a1316534bb8a3b52ec4f14d8c3172e49f6c5760f
SHA256

fb2e2174a3ec526861932043c1aa5b5e62e3abed0bb73e88e495eab66635e758
SHA512

b8a06dd6de28e6d29ebafe58bb6262412add147f01f3d3367dd7da95d083d92656e92a7bfce6a13179dc27b6ee346f5bcf98b0f067be2286a9cc741babd06de4

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://xsss99.icu/upload/

http://bingooodsg.icu/upload/

http://junntd.xyz/upload/

http://ginessa11.xyz/upload/

http://overplayninsx.xyz/upload/

http://bananinze.com/upload/

http://daunimlas.com/upload/

rc4.i32

rc4.i32

Targets

- Target
  
  e0059c4ad73116bf0ea29d575ea2c175.exe
- Size
  
  162KB
- MD5
  
  e0059c4ad73116bf0ea29d575ea2c175
- SHA1
  
  a1316534bb8a3b52ec4f14d8c3172e49f6c5760f
- SHA256
  
  fb2e2174a3ec526861932043c1aa5b5e62e3abed0bb73e88e495eab66635e758
- SHA512
  
  b8a06dd6de28e6d29ebafe58bb6262412add147f01f3d3367dd7da95d083d92656e92a7bfce6a13179dc27b6ee346f5bcf98b0f067be2286a9cc741babd06de4
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Loads dropped DLL
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan