smokeloader

General

Target

33e329feb1bd511297746e186bb45830a94f5b2755d005e5f19ce6a0d11176a0
Size

312KB
Sample

220619-3r7w4aaeg5
MD5

720414ee268f5b9d1dea84ba00264edf
SHA1

c9c976a8f5972bbb11d4ef48743fb91437ca5eb9
SHA256

33e329feb1bd511297746e186bb45830a94f5b2755d005e5f19ce6a0d11176a0
SHA512

c76841635058be15e55c033d207a8e91e692f55d4e33b4cd65e4f760714d0ad897f5d2f6a91ef399b34db71d980364f1eed726c22a37a244c88b70a886b55cd1

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Version

2018

C2

http://berengolisk.bid/forum/topic.php

http://rarondas.ru/article/thread.php

http://bezumielolkersa.bid/news/dle.php

http://baronskiy.ru/pizdez/etopizdez.php

rc4.i32

Targets

- Target
  
  33e329feb1bd511297746e186bb45830a94f5b2755d005e5f19ce6a0d11176a0
- Size
  
  312KB
- MD5
  
  720414ee268f5b9d1dea84ba00264edf
- SHA1
  
  c9c976a8f5972bbb11d4ef48743fb91437ca5eb9
- SHA256
  
  33e329feb1bd511297746e186bb45830a94f5b2755d005e5f19ce6a0d11176a0
- SHA512
  
  c76841635058be15e55c033d207a8e91e692f55d4e33b4cd65e4f760714d0ad897f5d2f6a91ef399b34db71d980364f1eed726c22a37a244c88b70a886b55cd1
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

Peripheral Device Discovery

2

T1120

System Information Discovery

3

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Maps connected drives based on registry

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2