smokeloader | 22fd2f8f15dd565dd97bdbc7ca5ad622560ee06d28c17a2c7c9e6003e60babd6 | Triage

Sharing

General

Target

22fd2f8f15dd565dd97bdbc7ca5ad622560ee06d28c17a2c7c9e6003e60babd6
Size

173KB
Sample

220612-dn9tvabgdj
MD5

ba9c1eef8cf5c8bc31fa0a3b17734efe
SHA1

73e4ec24c18e95746d6772ade9dd4b5b23991941
SHA256

22fd2f8f15dd565dd97bdbc7ca5ad622560ee06d28c17a2c7c9e6003e60babd6
SHA512

52680ab7c5ae192a03458fc4804eaf80d493e170ba9c92f24d411311d8bbcfc080169128aa9e831a91a18691fc2bb13dfd698f528773fef36c237539c4ffb2a5

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2017

C2

http://bbank.bit/

http://abank.bit/

Targets

- Target
  
  22fd2f8f15dd565dd97bdbc7ca5ad622560ee06d28c17a2c7c9e6003e60babd6
- Size
  
  173KB
- MD5
  
  ba9c1eef8cf5c8bc31fa0a3b17734efe
- SHA1
  
  73e4ec24c18e95746d6772ade9dd4b5b23991941
- SHA256
  
  22fd2f8f15dd565dd97bdbc7ca5ad622560ee06d28c17a2c7c9e6003e60babd6
- SHA512
  
  52680ab7c5ae192a03458fc4804eaf80d493e170ba9c92f24d411311d8bbcfc080169128aa9e831a91a18691fc2bb13dfd698f528773fef36c237539c4ffb2a5
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2