smokeloader | 32e59da764725e6adbc7a2f84689e8404bd91edd9a5e5950550e002e45f69801 | Triage

Sharing

General

Target

32e59da764725e6adbc7a2f84689e8404bd91edd9a5e5950550e002e45f69801
Size

210KB
Sample

220620-e73qbaefap
MD5

90168486e14502fd04ce3df2c4bacd17
SHA1

82f51f53c6832b0c535aaf2fa57478856453fdc2
SHA256

32e59da764725e6adbc7a2f84689e8404bd91edd9a5e5950550e002e45f69801
SHA512

5e8d7b0fbece683ebad61b31991d140c49e06874f00c53cbc95705c7c96c36005c4900822f3d014f6d7e92c88997df93c09f5b4507d2ff1e4d52a9f1dfe351d1

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2018

C2

http://lufdx2.com/2/

http://gvs1.in/2/

http://jdcbhs.ru/2/

http://m21ch.com/2/

http://gdlvw1.com/2/

rc4.i32

rc4.i32

Targets

- Target
  
  32e59da764725e6adbc7a2f84689e8404bd91edd9a5e5950550e002e45f69801
- Size
  
  210KB
- MD5
  
  90168486e14502fd04ce3df2c4bacd17
- SHA1
  
  82f51f53c6832b0c535aaf2fa57478856453fdc2
- SHA256
  
  32e59da764725e6adbc7a2f84689e8404bd91edd9a5e5950550e002e45f69801
- SHA512
  
  5e8d7b0fbece683ebad61b31991d140c49e06874f00c53cbc95705c7c96c36005c4900822f3d014f6d7e92c88997df93c09f5b4507d2ff1e4d52a9f1dfe351d1
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan