smokeloader | 34793b90dd01c6a5421df7fe61de7fcec17b37cea8bea4c77b4746c33339d993 | Triage

Sharing

General

Target

34793b90dd01c6a5421df7fe61de7fcec17b37cea8bea4c77b4746c33339d993
Size

612KB
Sample

220619-z24qmscfdm
MD5

abd55d904c86ffdae6983031082e2666
SHA1

1a44a69c29ffa636533c012abefe80e1f5641627
SHA256

34793b90dd01c6a5421df7fe61de7fcec17b37cea8bea4c77b4746c33339d993
SHA512

c39a477db2983158ff43db453e5343c66091270c99af53fc6d3e2a206a0eda641641fab9615a76559432d49c5c4d523a03b6c7a661936304ca77048bd3218137

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2018

C2

https://popandshop.ru/

https://shopandpop.ru/

https://shoptowin.ru/

https://shopandpop.su/

http://googletime.bit/

rc4.i32

rc4.i32

Targets

- Target
  
  34793b90dd01c6a5421df7fe61de7fcec17b37cea8bea4c77b4746c33339d993
- Size
  
  612KB
- MD5
  
  abd55d904c86ffdae6983031082e2666
- SHA1
  
  1a44a69c29ffa636533c012abefe80e1f5641627
- SHA256
  
  34793b90dd01c6a5421df7fe61de7fcec17b37cea8bea4c77b4746c33339d993
- SHA512
  
  c39a477db2983158ff43db453e5343c66091270c99af53fc6d3e2a206a0eda641641fab9615a76559432d49c5c4d523a03b6c7a661936304ca77048bd3218137
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan