smokeloader

General

Target

40ca7f8289001cc52baa68ed8a251141c3ed68fc7408046cc666c126f82fe20c
Size

466KB
Sample

220708-rl99gsfec9
MD5

4722771df719a14e07075c90c600c2e1
SHA1

c7cb81bdb073c699d4799662fa7203ac33e415f3
SHA256

40ca7f8289001cc52baa68ed8a251141c3ed68fc7408046cc666c126f82fe20c
SHA512

0be9a4ee3e0d2b6359c7a26d5f1bcfaed7ece1b20d970c347ccade501e51372e90b3c62f06f51f6df3f8e080b9f908de6d5647197c3ec98b17a46386a6c30877

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Version

2018

C2

http://migyno.win/

http://migyno.bid/

http://migyno.date/

http://migyno.faith/

http://migyno.loan/

http://migyno.men/

http://migyno.party/

http://migyno.stream/

http://migyno.trade/

rc4.i32

Targets

- Target
  
  40ca7f8289001cc52baa68ed8a251141c3ed68fc7408046cc666c126f82fe20c
- Size
  
  466KB
- MD5
  
  4722771df719a14e07075c90c600c2e1
- SHA1
  
  c7cb81bdb073c699d4799662fa7203ac33e415f3
- SHA256
  
  40ca7f8289001cc52baa68ed8a251141c3ed68fc7408046cc666c126f82fe20c
- SHA512
  
  0be9a4ee3e0d2b6359c7a26d5f1bcfaed7ece1b20d970c347ccade501e51372e90b3c62f06f51f6df3f8e080b9f908de6d5647197c3ec98b17a46386a6c30877
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Maps connected drives based on registry

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2