smokeloader | 4f9269aa09bac3fb5604de2a84dff5e8e376aa3030cb8d4a7f14fe87eee817f4 | Triage

Sharing

General

Target

4f9269aa09bac3fb5604de2a84dff5e8e376aa3030cb8d4a7f14fe87eee817f4
Size

235KB
Sample

220521-xxp1kscge4
MD5

059a8da68bcee1d596d3f445decf8795
SHA1

0928a4ee560f3dfea29931cfaf8bd4f78c38c617
SHA256

4f9269aa09bac3fb5604de2a84dff5e8e376aa3030cb8d4a7f14fe87eee817f4
SHA512

018feb0d12365ef3d5950aa2a2b70a448d992ab7e68ece4493d36963e64dbef74ac135989d071e3cdf5ec9e92845fdbdb247190158bc96841266d03a8bb91e84

Score

10^/10

smokeloader backdoor suricata trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://naritouzina.net/

http://nukaraguasleep.net/

http://notfortuaj.net/

http://natuturalistic.net/

http://zaniolofusa.net/

rc4.i32

rc4.i32

Targets

- Target
  
  4f9269aa09bac3fb5604de2a84dff5e8e376aa3030cb8d4a7f14fe87eee817f4
- Size
  
  235KB
- MD5
  
  059a8da68bcee1d596d3f445decf8795
- SHA1
  
  0928a4ee560f3dfea29931cfaf8bd4f78c38c617
- SHA256
  
  4f9269aa09bac3fb5604de2a84dff5e8e376aa3030cb8d4a7f14fe87eee817f4
- SHA512
  
  018feb0d12365ef3d5950aa2a2b70a448d992ab7e68ece4493d36963e64dbef74ac135989d071e3cdf5ec9e92845fdbdb247190158bc96841266d03a8bb91e84
Score

10^/10

smokeloader backdoor trojan suricata
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
  suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
  suricata
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoorsuricatatrojan