smokeloader | 8b529ec0df961a661a0e6d64e758f0ca3154f00da916ce69957bc4d4129962e1 | Triage

Resubmissions

26-01-2022 14:10

220126-rgte6seac8 10

25-01-2022 22:14

220125-153hesgfc9 1

Sharing

General

Target

8b529ec0df961a661a0e6d64e758f0ca3154f00da916ce69957bc4d4129962e1
Size

317KB
Sample

220126-rgte6seac8
MD5

3699bf419fb414f1c9579d82e2b35bca
SHA1

43607f9123b874127e85b173342f2e05639e4e84
SHA256

8b529ec0df961a661a0e6d64e758f0ca3154f00da916ce69957bc4d4129962e1
SHA512

b083299b047c6d712ff646a1a5aacb58ac6bb96b4ff7c0162a4cab3bdd0f0ea2fd05d37a5a950dee9daa400c91753690ef52741b88d6c4aab5220a67bf5b4615

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://abpa.at/upload/

http://emaratghajari.com/upload/

http://d7qw.cn/upload/

http://alumik-group.ru/upload/

http://zamkikurgan.ru/upload/

https://oakland-studio.video/search.php

https://seattle-university.video/search.php

rc4.i32

rc4.i32

rc4.i32

rc4.i32

Targets

- Target
  
  8b529ec0df961a661a0e6d64e758f0ca3154f00da916ce69957bc4d4129962e1
- Size
  
  317KB
- MD5
  
  3699bf419fb414f1c9579d82e2b35bca
- SHA1
  
  43607f9123b874127e85b173342f2e05639e4e84
- SHA256
  
  8b529ec0df961a661a0e6d64e758f0ca3154f00da916ce69957bc4d4129962e1
- SHA512
  
  b083299b047c6d712ff646a1a5aacb58ac6bb96b4ff7c0162a4cab3bdd0f0ea2fd05d37a5a950dee9daa400c91753690ef52741b88d6c4aab5220a67bf5b4615
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan