smokeloader | 2b0dea2ff2d83c8a0f9a2c72ccca46769955ea60dede40dc96e8e99e7f824de3 | Triage

Sharing

General

Target

2b0dea2ff2d83c8a0f9a2c72ccca46769955ea60dede40dc96e8e99e7f824de3
Size

316KB
Sample

220125-yhpxpseaf2
MD5

afc1267985c0d23f4b7fb22a4cc98cca
SHA1

fa0bb2db621e58372afe3a53af58b059c35f606e
SHA256

2b0dea2ff2d83c8a0f9a2c72ccca46769955ea60dede40dc96e8e99e7f824de3
SHA512

07a98098a729be1b2640c7a660f8a67481be198eb8106ae051729d4136d304117813ab9070f7140161fe7cb463f3c3b2fdafac908f919e80e5812c04d19bd6ae

Score

10^/10

smokeloader backdoor collection trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

https://oakland-studio.video/search.php

https://seattle-university.video/search.php

rc4.i32

rc4.i32

Targets

- Target
  
  2b0dea2ff2d83c8a0f9a2c72ccca46769955ea60dede40dc96e8e99e7f824de3
- Size
  
  316KB
- MD5
  
  afc1267985c0d23f4b7fb22a4cc98cca
- SHA1
  
  fa0bb2db621e58372afe3a53af58b059c35f606e
- SHA256
  
  2b0dea2ff2d83c8a0f9a2c72ccca46769955ea60dede40dc96e8e99e7f824de3
- SHA512
  
  07a98098a729be1b2640c7a660f8a67481be198eb8106ae051729d4136d304117813ab9070f7140161fe7cb463f3c3b2fdafac908f919e80e5812c04d19bd6ae
Score

10^/10

smokeloader backdoor collection trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Accesses Microsoft Outlook profiles
  collection
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoorcollectiontrojan