smokeloader | 3c2436a9b5f69c6b49fffafb14be7da111ac999fa6ef32e6d6511465d38d10fc | Triage

Sharing

General

Target

3c2436a9b5f69c6b49fffafb14be7da111ac999fa6ef32e6d6511465d38d10fc
Size

356KB
Sample

220126-zankcaaaep
MD5

ba5d1cb466e39621a75457d1a251f0f0
SHA1

649584018ea8e3bc358bf8615b59cf98f60d8976
SHA256

3c2436a9b5f69c6b49fffafb14be7da111ac999fa6ef32e6d6511465d38d10fc
SHA512

a4cf2dba2ee8e4147052ad3f7948286a95a78e19b2d24d7e160cb03adb7fdd0df002576621dd674715606fcdf4ad0e9d7824f60e2c7ffa0552fd349a9ac31324

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://abpa.at/upload/

http://emaratghajari.com/upload/

http://d7qw.cn/upload/

http://alumik-group.ru/upload/

http://zamkikurgan.ru/upload/

https://oakland-studio.video/search.php

https://seattle-university.video/search.php

rc4.i32

rc4.i32

rc4.i32

rc4.i32

Targets

- Target
  
  3c2436a9b5f69c6b49fffafb14be7da111ac999fa6ef32e6d6511465d38d10fc
- Size
  
  356KB
- MD5
  
  ba5d1cb466e39621a75457d1a251f0f0
- SHA1
  
  649584018ea8e3bc358bf8615b59cf98f60d8976
- SHA256
  
  3c2436a9b5f69c6b49fffafb14be7da111ac999fa6ef32e6d6511465d38d10fc
- SHA512
  
  a4cf2dba2ee8e4147052ad3f7948286a95a78e19b2d24d7e160cb03adb7fdd0df002576621dd674715606fcdf4ad0e9d7824f60e2c7ffa0552fd349a9ac31324
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan