smokeloader | a450758f49be45545b9302a46709901b249ae0559a9d8ed9f93bdc2c5726bb90 | Triage

Sharing

General

Target

a450758f49be45545b9302a46709901b249ae0559a9d8ed9f93bdc2c5726bb90
Size

330KB
Sample

211222-k83dtsgabr
MD5

47f3912800a0a15cb497437f4f3a7bba
SHA1

1f0f4efaf1a88826632e549cbc532a87a792abff
SHA256

a450758f49be45545b9302a46709901b249ae0559a9d8ed9f93bdc2c5726bb90
SHA512

81816d08d6b7f7e8b6bff146da57c7e0f47eef9e0264fbf94037bd818db864bafcaf40abee696f23e0b4858dd4aa59e79fe645d07ce2fa5f598a2768e586d8ee

Score

10^/10

smokeloader systembc backdoor suricata trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://rcacademy.at/upload/

http://e-lanpengeonline.com/upload/

http://vjcmvz.cn/upload/

http://galala.ru/upload/

http://witra.ru/upload/

rc4.i32

rc4.i32

Extracted

Family

systembc

C2

185.70.184.41:4001

Targets

- Target
  
  a450758f49be45545b9302a46709901b249ae0559a9d8ed9f93bdc2c5726bb90
- Size
  
  330KB
- MD5
  
  47f3912800a0a15cb497437f4f3a7bba
- SHA1
  
  1f0f4efaf1a88826632e549cbc532a87a792abff
- SHA256
  
  a450758f49be45545b9302a46709901b249ae0559a9d8ed9f93bdc2c5726bb90
- SHA512
  
  81816d08d6b7f7e8b6bff146da57c7e0f47eef9e0264fbf94037bd818db864bafcaf40abee696f23e0b4858dd4aa59e79fe645d07ce2fa5f598a2768e586d8ee
Score

10^/10

smokeloader systembc backdoor suricata trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloadersystembcbackdoorsuricatatrojan