smokeloader

General

Target

6bf0c6ccf573c460133526c35e98bfe2.exe
Size

274KB
Sample

210412-zv6x2dwsfn
MD5

6bf0c6ccf573c460133526c35e98bfe2
SHA1

c0da68b5d658e8cae09d040afe556c602b04054a
SHA256

643bafce44fec576424c48dbef72072a1d27d33b60e25585d39bdbcffdca22e8
SHA512

0cba442b060e3236ac3807a373d239e1a379c193ae9aed5fcdbc8b8b647ca29fa5a863749bdc73c10cd8b060c28354f623a255a09e8423b1e88364cc61eade0a

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://smbproperty.ru/

http://gmbshop.ru/

http://baksproperty.gov.ug/

http://magistralpsw.ru/

http://mpmanagertzz.ru/

http://powerglasspot.ru/

http://autopartswarehouses.ru/

http://memoloves.ru/

http://alfavanilin.ru/

rc4.i32

Targets

- Target
  
  6bf0c6ccf573c460133526c35e98bfe2.exe
- Size
  
  274KB
- MD5
  
  6bf0c6ccf573c460133526c35e98bfe2
- SHA1
  
  c0da68b5d658e8cae09d040afe556c602b04054a
- SHA256
  
  643bafce44fec576424c48dbef72072a1d27d33b60e25585d39bdbcffdca22e8
- SHA512
  
  0cba442b060e3236ac3807a373d239e1a379c193ae9aed5fcdbc8b8b647ca29fa5a863749bdc73c10cd8b060c28354f623a255a09e8423b1e88364cc61eade0a
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Deletes itself

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2