smokeloader | 3449d9a2873d48c3297e2d0f86ad634978aaaefcc80a669fe9efedbd859f7f30 | Triage

Sharing

General

Target

3449d9a2873d48c3297e2d0f86ad634978aaaefcc80a669fe9efedbd859f7f30
Size

304KB
Sample

220521-t48jqaabg5
MD5

78ab6d406247d0b80c6dfad070772768
SHA1

21a72ad164710c0a3bb55031f1c3dd8d5f4e4ad7
SHA256

3449d9a2873d48c3297e2d0f86ad634978aaaefcc80a669fe9efedbd859f7f30
SHA512

4ca27a427f2667d6d6ab8b813a651600633b2575e144557b35bf259c9944c45a98d9236d59c5d6f5d00288b8c024949c1a17b6d2cf6ac98ecff19e7121b71ac3

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://bahninfo.at/upload/

http://img4mobi.com/upload/

http://equix.ru/upload/

http://worldalltv.com/upload/

http://negarehgallery.com/upload/

http://lite-server.ru/upload/

http://piratia/su/upload/

http://go-piratia.ru/upload/

http://monsutiur4.com/

http://nusurionuy5ff.at/

http://moroitomo4.net/

http://susuerulianita1.net/

http://cucumbetuturel4.com/

http://nunuslushau.com/

http://linislominyt11.at/

http://luxulixionus.net/

http://lilisjjoer44.com/

http://nikogminut88.at/

http://limo00ruling.org/

http://mini55tunul.com/

rc4.i32

rc4.i32

rc4.i32

rc4.i32

rc4.i32

rc4.i32

Targets

- Target
  
  3449d9a2873d48c3297e2d0f86ad634978aaaefcc80a669fe9efedbd859f7f30
- Size
  
  304KB
- MD5
  
  78ab6d406247d0b80c6dfad070772768
- SHA1
  
  21a72ad164710c0a3bb55031f1c3dd8d5f4e4ad7
- SHA256
  
  3449d9a2873d48c3297e2d0f86ad634978aaaefcc80a669fe9efedbd859f7f30
- SHA512
  
  4ca27a427f2667d6d6ab8b813a651600633b2575e144557b35bf259c9944c45a98d9236d59c5d6f5d00288b8c024949c1a17b6d2cf6ac98ecff19e7121b71ac3
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan