smokeloader | 3dcf108338c4887a1724411bcce869d4ef03a393481c51581782d6eb312d2331 | Triage

Sharing

General

Target

3dcf108338c4887a1724411bcce869d4ef03a393481c51581782d6eb312d2331
Size

317KB
Sample

220125-v6f3xscbf2
MD5

cf8ea443ae6c0a8367f3836a79ed9182
SHA1

455aa80e99b3546942fb7460404ac5205d08c282
SHA256

3dcf108338c4887a1724411bcce869d4ef03a393481c51581782d6eb312d2331
SHA512

98e601de70a6a93b28eec138023d6153311785eb2950ac1ef7402baea2c1cc47f1a07779aaf32a8d09708e2cbd71bf515aaf095994b50e7fde9ed310329ccde7

Score

10^/10

smokeloader backdoor evasion trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://abpa.at/upload/

http://emaratghajari.com/upload/

http://d7qw.cn/upload/

http://alumik-group.ru/upload/

http://zamkikurgan.ru/upload/

https://oakland-studio.video/search.php

https://seattle-university.video/search.php

rc4.i32

rc4.i32

rc4.i32

rc4.i32

Targets

- Target
  
  3dcf108338c4887a1724411bcce869d4ef03a393481c51581782d6eb312d2331
- Size
  
  317KB
- MD5
  
  cf8ea443ae6c0a8367f3836a79ed9182
- SHA1
  
  455aa80e99b3546942fb7460404ac5205d08c282
- SHA256
  
  3dcf108338c4887a1724411bcce869d4ef03a393481c51581782d6eb312d2331
- SHA512
  
  98e601de70a6a93b28eec138023d6153311785eb2950ac1ef7402baea2c1cc47f1a07779aaf32a8d09708e2cbd71bf515aaf095994b50e7fde9ed310329ccde7
Score

10^/10

smokeloader backdoor evasion trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Deletes itself
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Process Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoorevasiontrojan