smokeloader | ad5575b868f6e3ae0471dc7c846aaee2a4fb496c16740cb69ae63576047e4d90 | Triage

Sharing

General

Target

ad5575b868f6e3ae0471dc7c846aaee2a4fb496c16740cb69ae63576047e4d90
Size

259KB
Sample

220701-esvfdsbefk
MD5

e78a17b913abb7f5b276e993a4fbfa39
SHA1

9af3fa3a1d3db32ebdb0fef5d47ebc87c1d7d9a3
SHA256

ad5575b868f6e3ae0471dc7c846aaee2a4fb496c16740cb69ae63576047e4d90
SHA512

c938a1541dd102e13f87ce5344d013c73a2177c40a5268b042ba2780600feb0bc23ff9f71aacba7aaab093d9d17c3bbcf0ca53216b9f9cd374318435f00f9b87

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2018

C2

http://taj.co.ug/

rc4.i32

rc4.i32

Targets

- Target
  
  ad5575b868f6e3ae0471dc7c846aaee2a4fb496c16740cb69ae63576047e4d90
- Size
  
  259KB
- MD5
  
  e78a17b913abb7f5b276e993a4fbfa39
- SHA1
  
  9af3fa3a1d3db32ebdb0fef5d47ebc87c1d7d9a3
- SHA256
  
  ad5575b868f6e3ae0471dc7c846aaee2a4fb496c16740cb69ae63576047e4d90
- SHA512
  
  c938a1541dd102e13f87ce5344d013c73a2177c40a5268b042ba2780600feb0bc23ff9f71aacba7aaab093d9d17c3bbcf0ca53216b9f9cd374318435f00f9b87
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan