smokeloader | c65fa1c272dfed333cc5998c8a49afb64f1e29ee034d2028486535e7e312689d | Triage

Sharing

General

Target

5442c936447943b763574d001e77a70b
Size

333KB
Sample

220126-zcfbraaagj
MD5

5442c936447943b763574d001e77a70b
SHA1

b0dd0c3c0642bc5c175b4ef593b14ef36a6818bb
SHA256

c65fa1c272dfed333cc5998c8a49afb64f1e29ee034d2028486535e7e312689d
SHA512

decf02649002a0e7f468a15ee074cd6bb4eed3af47167fe619cd42bd042f1c9707c9b6536ebdff12e14ac5851be2b48fc72e5a70d62c3033573d1523c1c3e83e

Score

10^/10

smokeloader backdoor collection suricata trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://kotabuki.com/

http://slusextense.com/

http://purekidboo.com/

http://wildzipcode.biz/

rc4.i32

rc4.i32

Targets

- Target
  
  5442c936447943b763574d001e77a70b
- Size
  
  333KB
- MD5
  
  5442c936447943b763574d001e77a70b
- SHA1
  
  b0dd0c3c0642bc5c175b4ef593b14ef36a6818bb
- SHA256
  
  c65fa1c272dfed333cc5998c8a49afb64f1e29ee034d2028486535e7e312689d
- SHA512
  
  decf02649002a0e7f468a15ee074cd6bb4eed3af47167fe619cd42bd042f1c9707c9b6536ebdff12e14ac5851be2b48fc72e5a70d62c3033573d1523c1c3e83e
Score

10^/10

smokeloader backdoor collection trojan suricata
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- suricata: ET MALWARE Sharik/Smoke CnC Beacon 11
  suricata: ET MALWARE Sharik/Smoke CnC Beacon 11
  suricata
- Deletes itself
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoorcollectiontrojan

behavioral2

smokeloaderbackdoorcollectionsuricatatrojan