smokeloader

General

Target

5597e91491519ec78b764fb657615529.exe
Size

257KB
Sample

210419-nd94j8xg7a
MD5

5597e91491519ec78b764fb657615529
SHA1

53081a84fcbcc5707881fd2f606812977770bfe1
SHA256

60922af94a3c7adf6d040dc1bd4d465983a38bd2410c050bef27deda8ce2002f
SHA512

e0d6e9ac7971b4282c7583624538da1f884bd9e9a826d88af10af57e4245569b1d32a0753adbed961d969acba8361c6a5713a3f6a0dba0681898eb8c48a31ee2

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://smbproperty.ru/

http://gmbshop.ru/

http://baksproperty.gov.ug/

http://magistralpsw.ru/

http://mpmanagertzz.ru/

http://powerglasspot.ru/

http://autopartswarehouses.ru/

http://memoloves.ru/

http://alfavanilin.ru/

rc4.i32

Targets

- Target
  
  5597e91491519ec78b764fb657615529.exe
- Size
  
  257KB
- MD5
  
  5597e91491519ec78b764fb657615529
- SHA1
  
  53081a84fcbcc5707881fd2f606812977770bfe1
- SHA256
  
  60922af94a3c7adf6d040dc1bd4d465983a38bd2410c050bef27deda8ce2002f
- SHA512
  
  e0d6e9ac7971b4282c7583624538da1f884bd9e9a826d88af10af57e4245569b1d32a0753adbed961d969acba8361c6a5713a3f6a0dba0681898eb8c48a31ee2
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Deletes itself

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2