smokeloader | f47b0998dd56d2bdeb31575dbe510b3f4a7cf40628e8162b16dc6017893ea3ce | Triage

Sharing

General

Target

f47b0998dd56d2bdeb31575dbe510b3f4a7cf40628e8162b16dc6017893ea3ce
Size

204KB
Sample

220708-slecgshfa6
MD5

d9da33f6af007de28347e1b49192d5ce
SHA1

f036d9686d9ad24d90ea5a7794907ed3af79a2fc
SHA256

f47b0998dd56d2bdeb31575dbe510b3f4a7cf40628e8162b16dc6017893ea3ce
SHA512

be1f8e64545a2c2bef59183c7b95bed2f9d2542f0f1a1e2d29bb2826bfd4fa63ff02a881334c77172ca9a842262e7c28409804d428757cbdde0dd6d69068a232

Score

10^/10

smokeloader backdoor trojan upx

Malware Config

Extracted

Family

smokeloader

Version

2018

C2

http://xmpphost.bit/

http://rarlabarchiver.ru/

rc4.i32

rc4.i32

Targets

- Target
  
  f47b0998dd56d2bdeb31575dbe510b3f4a7cf40628e8162b16dc6017893ea3ce
- Size
  
  204KB
- MD5
  
  d9da33f6af007de28347e1b49192d5ce
- SHA1
  
  f036d9686d9ad24d90ea5a7794907ed3af79a2fc
- SHA256
  
  f47b0998dd56d2bdeb31575dbe510b3f4a7cf40628e8162b16dc6017893ea3ce
- SHA512
  
  be1f8e64545a2c2bef59183c7b95bed2f9d2542f0f1a1e2d29bb2826bfd4fa63ff02a881334c77172ca9a842262e7c28409804d428757cbdde0dd6d69068a232
Score

10^/10

smokeloader backdoor trojan upx
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojanupx

behavioral2

smokeloaderbackdoortrojanupx