smokeloader | 78e426a4a1152fcd664359dc397c34d8ad637725dafe18ef262a9f700e0bdf7a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

78e426a4a1152fcd664359dc397c34d8ad637725dafe18ef262a9f700e0bdf7a
Size

181KB
Sample

230304-vzj61aee58
MD5

ea1c1109d75b12a3bda3e308c3dd8960
SHA1

417b5f689cdb85829e4bdd1b5ef97de9aa96c2e0
SHA256

78e426a4a1152fcd664359dc397c34d8ad637725dafe18ef262a9f700e0bdf7a
SHA512

ff345a5250b1d753d9802a8932bf5f497add0cfd017b530f942ab488b22a9b38c0c9027d9ec61a2fa026a44a28db732bb6643658f17d8ed8da6361f983002d19
SSDEEP

3072:Pn3xqHXBBgXfGYVDkBkM+OovzlsRIPXgeNja/JI0Kx:J2XngXf9aBGjzlsRIPweNUC0K

Score

10^/10

smokeloader backdoor spyware stealer trojan

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://hoh0aeghwugh2gie.com/

http://hie7doodohpae4na.com/

http://aek0aicifaloh1yo.com/

http://yic0oosaeiy7ahng.com/

http://wa5zu7sekai8xeih.com/

rc4.i32

rc4.i32

Targets

- Target
  
  78e426a4a1152fcd664359dc397c34d8ad637725dafe18ef262a9f700e0bdf7a
- Size
  
  181KB
- MD5
  
  ea1c1109d75b12a3bda3e308c3dd8960
- SHA1
  
  417b5f689cdb85829e4bdd1b5ef97de9aa96c2e0
- SHA256
  
  78e426a4a1152fcd664359dc397c34d8ad637725dafe18ef262a9f700e0bdf7a
- SHA512
  
  ff345a5250b1d753d9802a8932bf5f497add0cfd017b530f942ab488b22a9b38c0c9027d9ec61a2fa026a44a28db732bb6643658f17d8ed8da6361f983002d19
- SSDEEP
  
  3072:Pn3xqHXBBgXfGYVDkBkM+OovzlsRIPXgeNja/JI0Kx:J2XngXf9aBGjzlsRIPweNUC0K
Score

10^/10

smokeloader backdoor spyware stealer trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoorspywarestealertrojan