smokeloader | 711b1ffba35470c7341ee76ea2308d1aea7722573f827a909ff6950054571124 | Triage

Sharing

General

Target

711b1ffba35470c7341ee76ea2308d1aea7722573f827a909ff6950054571124
Size

188KB
Sample

220127-z4x1wabcb4
MD5

5e9f68bb219f2c8b129eaa9bf3af7f20
SHA1

7c1fd27ade6793e787e42c1b5dba78c002948b05
SHA256

711b1ffba35470c7341ee76ea2308d1aea7722573f827a909ff6950054571124
SHA512

09305a5c392e7782c9787b95aa40ade538232cabf5dfde27fd4fd7c758aa3446727570cbd617f042c69ffecf6e8be39772b61cbc111e68765e55c32a6474c240

Score

10^/10

smokeloader backdoor evasion persistence trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

https://oakland-studio.video/search.php

https://seattle-university.video/search.php

rc4.i32

rc4.i32

Targets

- Target
  
  711b1ffba35470c7341ee76ea2308d1aea7722573f827a909ff6950054571124
- Size
  
  188KB
- MD5
  
  5e9f68bb219f2c8b129eaa9bf3af7f20
- SHA1
  
  7c1fd27ade6793e787e42c1b5dba78c002948b05
- SHA256
  
  711b1ffba35470c7341ee76ea2308d1aea7722573f827a909ff6950054571124
- SHA512
  
  09305a5c392e7782c9787b95aa40ade538232cabf5dfde27fd4fd7c758aa3446727570cbd617f042c69ffecf6e8be39772b61cbc111e68765e55c32a6474c240
Score

10^/10

smokeloader backdoor evasion persistence trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Modifies Windows Firewall
  evasion
- Sets service image path in registry
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Process Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoorevasionpersistencetrojan