smokeloader | 21f409a6ed024798e48e7eaae2b8b04b2d3c1786f69461136d930f273fcaed25 | Triage

Sharing

General

Target

21f409a6ed024798e48e7eaae2b8b04b2d3c1786f69461136d930f273fcaed25
Size

263KB
Sample

220125-vfe3yabeb4
MD5

debf1f79bca4e4945d490e36dfdd5978
SHA1

30a93271b70660f548ac3a07346fa966c6fa13c2
SHA256

21f409a6ed024798e48e7eaae2b8b04b2d3c1786f69461136d930f273fcaed25
SHA512

25f1bb52736400e4eba82dd61bdc65f44d81e0a5100ad8b02143345a8400f88b41ebd76acdbb588a53851096f7a64c2ec63b478440daab7d562212f710e7c956

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

https://oakland-studio.video/search.php

https://seattle-university.video/search.php

rc4.i32

rc4.i32

Targets

- Target
  
  21f409a6ed024798e48e7eaae2b8b04b2d3c1786f69461136d930f273fcaed25
- Size
  
  263KB
- MD5
  
  debf1f79bca4e4945d490e36dfdd5978
- SHA1
  
  30a93271b70660f548ac3a07346fa966c6fa13c2
- SHA256
  
  21f409a6ed024798e48e7eaae2b8b04b2d3c1786f69461136d930f273fcaed25
- SHA512
  
  25f1bb52736400e4eba82dd61bdc65f44d81e0a5100ad8b02143345a8400f88b41ebd76acdbb588a53851096f7a64c2ec63b478440daab7d562212f710e7c956
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan