smokeloader | 2585865ffb0337f7203112b9e5fa974a87f1330bbc7cf39cde419e32c4278158 | Triage

Sharing

General

Target

2585865ffb0337f7203112b9e5fa974a87f1330bbc7cf39cde419e32c4278158
Size

536KB
Sample

220611-xglm8agdd2
MD5

7bba29efc7f06e9503744111cb007f32
SHA1

3f4b85a06a90992da1317c1eed35596ee164e0f7
SHA256

2585865ffb0337f7203112b9e5fa974a87f1330bbc7cf39cde419e32c4278158
SHA512

de34f149ed6118a9fb00b3509bea66d8f8995c1c307bc5591245365df70ff0ff8af4746eb358d06e892177133e45fb406c7fd95b3056d20a3128fb9c29379d03

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2018

C2

http://aviatorssm.bit/

http://anotherblock.bit/

rc4.i32

rc4.i32

Targets

- Target
  
  2585865ffb0337f7203112b9e5fa974a87f1330bbc7cf39cde419e32c4278158
- Size
  
  536KB
- MD5
  
  7bba29efc7f06e9503744111cb007f32
- SHA1
  
  3f4b85a06a90992da1317c1eed35596ee164e0f7
- SHA256
  
  2585865ffb0337f7203112b9e5fa974a87f1330bbc7cf39cde419e32c4278158
- SHA512
  
  de34f149ed6118a9fb00b3509bea66d8f8995c1c307bc5591245365df70ff0ff8af4746eb358d06e892177133e45fb406c7fd95b3056d20a3128fb9c29379d03
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan