smokeloader

General

Target

4c5ad4bc2265c918b8aeeff9c255a37fe0c321eb6e727756e73079e7dadfb44b
Size

219KB
Sample

220712-g86vgahed4
MD5

e1c7e9a12f5bf01b040c7661376ace3e
SHA1

29a9666c264335bab3d4e9a97926eaffdaeb0c5c
SHA256

4c5ad4bc2265c918b8aeeff9c255a37fe0c321eb6e727756e73079e7dadfb44b
SHA512

3a5c0ae13f9ee59fcc2c363f916faec717285110621c05e855c68d285154026bb1552e980bc14f3466543822a76764893f5685e609fffe2dff8188f4580ae883

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Version

2019

C2

http://advertmarin48.world/serverlogs29/

http://mailsmall78.club/serverlogs29/

http://kxservxmar75.club/serverlogs29/

http://dsmaild544x.xyz/serverlogs29/

http://fdmail709.club/serverlogs29/

http://servicestar751.club/serverlogs29/

http://staradvert9075.club/serverlogs29/

http://staradvert1883.club/serverlogs29/

rc4.i32

Targets

- Target
  
  4c5ad4bc2265c918b8aeeff9c255a37fe0c321eb6e727756e73079e7dadfb44b
- Size
  
  219KB
- MD5
  
  e1c7e9a12f5bf01b040c7661376ace3e
- SHA1
  
  29a9666c264335bab3d4e9a97926eaffdaeb0c5c
- SHA256
  
  4c5ad4bc2265c918b8aeeff9c255a37fe0c321eb6e727756e73079e7dadfb44b
- SHA512
  
  3a5c0ae13f9ee59fcc2c363f916faec717285110621c05e855c68d285154026bb1552e980bc14f3466543822a76764893f5685e609fffe2dff8188f4580ae883
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2