smokeloader | ebcca8c75617a70c21167f65e2e7b6c54adbbcae414cb2aeb60dd35c75b8a2a2 | Triage

Sharing

General

Target

ebcca8c75617a70c21167f65e2e7b6c54adbbcae414cb2aeb60dd35c75b8a2a2
Size

754KB
Sample

220625-ftjkysfdcl
MD5

1ddcd85d0438ed1dce596e93141a21a8
SHA1

ccee89465f9263534084035139e941a4db29028e
SHA256

ebcca8c75617a70c21167f65e2e7b6c54adbbcae414cb2aeb60dd35c75b8a2a2
SHA512

d29175a03299feea125898ddf56e18a45326261dac951be8297e10c72d43cb9d7fa85996e7b38f2ed942ea7e3f52bdb45f58b5ff08ad68542ba49b4e032f880b

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2019

C2

http://systemscentr.bit/

http://unitarian.bit/

rc4.i32

rc4.i32

Targets

- Target
  
  ebcca8c75617a70c21167f65e2e7b6c54adbbcae414cb2aeb60dd35c75b8a2a2
- Size
  
  754KB
- MD5
  
  1ddcd85d0438ed1dce596e93141a21a8
- SHA1
  
  ccee89465f9263534084035139e941a4db29028e
- SHA256
  
  ebcca8c75617a70c21167f65e2e7b6c54adbbcae414cb2aeb60dd35c75b8a2a2
- SHA512
  
  d29175a03299feea125898ddf56e18a45326261dac951be8297e10c72d43cb9d7fa85996e7b38f2ed942ea7e3f52bdb45f58b5ff08ad68542ba49b4e032f880b
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2