smokeloader | f7c09d9f4183a4e024b1a943b13d599540df81bffa5175223d10f5f344f5f6bc | Triage

Sharing

General

Target

f7c09d9f4183a4e024b1a943b13d599540df81bffa5175223d10f5f344f5f6bc
Size

189KB
Sample

220127-qgxxxsdcbj
MD5

c1d7d3c37cb954a86b42287ca35986ec
SHA1

7b5ba6597b26fe3b0136e5cd0fbe8dc1060f96d0
SHA256

f7c09d9f4183a4e024b1a943b13d599540df81bffa5175223d10f5f344f5f6bc
SHA512

b22a8e4f5b9b66660fa7fe42fcd06283c52b00384684b349959cf6580bd57895ddb57439e7527577d5635800da7e4c8ea3e84a3e2058aba6aef25f6b77e6e142

Score

10^/10

smokeloader backdoor collection trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

https://oakland-studio.video/search.php

https://seattle-university.video/search.php

rc4.i32

rc4.i32

Targets

- Target
  
  f7c09d9f4183a4e024b1a943b13d599540df81bffa5175223d10f5f344f5f6bc
- Size
  
  189KB
- MD5
  
  c1d7d3c37cb954a86b42287ca35986ec
- SHA1
  
  7b5ba6597b26fe3b0136e5cd0fbe8dc1060f96d0
- SHA256
  
  f7c09d9f4183a4e024b1a943b13d599540df81bffa5175223d10f5f344f5f6bc
- SHA512
  
  b22a8e4f5b9b66660fa7fe42fcd06283c52b00384684b349959cf6580bd57895ddb57439e7527577d5635800da7e4c8ea3e84a3e2058aba6aef25f6b77e6e142
Score

10^/10

smokeloader backdoor collection trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Accesses Microsoft Outlook profiles
  collection
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoorcollectiontrojan