smokeloader | 4bae31dea2364b814e4d3cf3f8db80182438e4e4bc4ed2846391d6307cfcbd2e | Triage

Sharing

General

Target

4bae31dea2364b814e4d3cf3f8db80182438e4e4bc4ed2846391d6307cfcbd2e
Size

244KB
Sample

220712-k35l1aebf4
MD5

982c627feddbe09520646a6315c9bdf1
SHA1

78c45ebbb1d9eec82823ce5b972659c7f27ea987
SHA256

4bae31dea2364b814e4d3cf3f8db80182438e4e4bc4ed2846391d6307cfcbd2e
SHA512

bba410680438a6f2bfea70ca55c31cf12bc891b0dda567b29d8464aa64c07cbf59fe0fc3c09547d80ce99f5db4cc7559838affa7de42e62748d066ad7c0ef3f6

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2018

C2

http://js0c892.se/jd/

rc4.i32

rc4.i32

Targets

- Target
  
  4bae31dea2364b814e4d3cf3f8db80182438e4e4bc4ed2846391d6307cfcbd2e
- Size
  
  244KB
- MD5
  
  982c627feddbe09520646a6315c9bdf1
- SHA1
  
  78c45ebbb1d9eec82823ce5b972659c7f27ea987
- SHA256
  
  4bae31dea2364b814e4d3cf3f8db80182438e4e4bc4ed2846391d6307cfcbd2e
- SHA512
  
  bba410680438a6f2bfea70ca55c31cf12bc891b0dda567b29d8464aa64c07cbf59fe0fc3c09547d80ce99f5db4cc7559838affa7de42e62748d066ad7c0ef3f6
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan