Description
Modular backdoor trojan in use since 2014.
c90f94b9d9cb151bd554e33378ef639551d874a00611ccbdbbef8639407e4dbd
General
Target
Size
Sample
c90f94b9d9cb151bd554e33378ef639551d874a00611ccbdbbef8639407e4dbd
305KB
220521-wlmkmsaeb5
Score
10 /10
MD5
SHA1
SHA256
SHA512
eb9b532b8edac23726c27b76bf330e03
a7aa6b9e089fd4f6845d84c7569e55eb3971c5e1
c90f94b9d9cb151bd554e33378ef639551d874a00611ccbdbbef8639407e4dbd
0a721e387100f446bee4987f50ec6ca71312a239136f68912c8a677ea0530e2b9c008980bbe5402d3ed17df22a0dbfd0e833440c243b49745224669fbede050e
Malware Config
Extracted
| Family | smokeloader |
| Version | 2020 |
| C2 |
https://ny-city-mall.com/search.php https://fresh-cars.net/search.php |
| rc4.i32 |
|
| rc4.i32 |
|
Targets
Target
MD5
Filesize
c90f94b9d9cb151bd554e33378ef639551d874a00611ccbdbbef8639407e4dbd
eb9b532b8edac23726c27b76bf330e03
305KB
Score
10/10
SHA1
SHA256
SHA512
a7aa6b9e089fd4f6845d84c7569e55eb3971c5e1
c90f94b9d9cb151bd554e33378ef639551d874a00611ccbdbbef8639407e4dbd
0a721e387100f446bee4987f50ec6ca71312a239136f68912c8a677ea0530e2b9c008980bbe5402d3ed17df22a0dbfd0e833440c243b49745224669fbede050e
Tags
Signatures
-
SmokeLoader
-
Modifies Windows Firewall
Tags
TTPs
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks