smokeloader | 816e7acf20d964819c03b1acaf844029c12933f508e7dd116ad5d6949c7b9128 | Triage

Sharing

General

Target

816e7acf20d964819c03b1acaf844029c12933f508e7dd116ad5d6949c7b9128
Size

329KB
Sample

220125-pb95mafga7
MD5

d795100a35b890a342479fe347fc50c6
SHA1

9023f733a2fca66c2f6f1a5b12deff1ccd3aa372
SHA256

816e7acf20d964819c03b1acaf844029c12933f508e7dd116ad5d6949c7b9128
SHA512

24a9b300c777f0f026e92e0f6f5521e0b54fdc5fef580726c575f9af256efb73521aaab38517620c7e4d1dbc50a120e0cee42398c3fcb7c9427c6bd56fa28200

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

https://olobus.casa/feedback.php

https://trusho.online/feedback.php

rc4.i32

rc4.i32

Targets

- Target
  
  816e7acf20d964819c03b1acaf844029c12933f508e7dd116ad5d6949c7b9128
- Size
  
  329KB
- MD5
  
  d795100a35b890a342479fe347fc50c6
- SHA1
  
  9023f733a2fca66c2f6f1a5b12deff1ccd3aa372
- SHA256
  
  816e7acf20d964819c03b1acaf844029c12933f508e7dd116ad5d6949c7b9128
- SHA512
  
  24a9b300c777f0f026e92e0f6f5521e0b54fdc5fef580726c575f9af256efb73521aaab38517620c7e4d1dbc50a120e0cee42398c3fcb7c9427c6bd56fa28200
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan