smokeloader | 9aba44e14d29d0d83dab4445c4fba9ae41fc914dc544b44cce4a4d11b7a85764 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

General

Target

9aba44e14d29d0d83dab4445c4fba9ae41fc914dc544b44cce4a4d11b7a85764
Size

312KB
Sample

230306-2lhjksfb98
MD5

f3c43f777e940a212cce90ae833d96fd
SHA1

b4f8b2c8c405369c7c69414140347c63ae2522d9
SHA256

9aba44e14d29d0d83dab4445c4fba9ae41fc914dc544b44cce4a4d11b7a85764
SHA512

0b1069acdbb3969f61ac9a605f1706971ae445a08f9575dde91134cfd126700e6fc79acef1ffc5a612e15c0948af9bfdc0909bb2a690a2b0f19e80140bec8b51
SSDEEP

3072:c1iz3BJ7zLaST29CG5goUAplavWlZ/QJf3a8CgZZvCdxIxmUGHZlKIBkuyABcY9/:1z3DLLqOo6elZYt9PvvCHkGHPl6SBGc

Score

10^/10

smokeloader backdoor persistence pyinstaller trojan

Static task

static1

Behavioral task

behavioral1

Sample

9aba44e14d29d0d83dab4445c4fba9ae41fc914dc544b44cce4a4d11b7a85764.exe

Resource

win10v2004-20230220-en

smokeloader backdoor persistence pyinstaller trojan

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://hoh0aeghwugh2gie.com/

http://hie7doodohpae4na.com/

http://aek0aicifaloh1yo.com/

http://yic0oosaeiy7ahng.com/

http://wa5zu7sekai8xeih.com/

rc4.i32

rc4.i32

Targets

- Target
  
  9aba44e14d29d0d83dab4445c4fba9ae41fc914dc544b44cce4a4d11b7a85764
- Size
  
  312KB
- MD5
  
  f3c43f777e940a212cce90ae833d96fd
- SHA1
  
  b4f8b2c8c405369c7c69414140347c63ae2522d9
- SHA256
  
  9aba44e14d29d0d83dab4445c4fba9ae41fc914dc544b44cce4a4d11b7a85764
- SHA512
  
  0b1069acdbb3969f61ac9a605f1706971ae445a08f9575dde91134cfd126700e6fc79acef1ffc5a612e15c0948af9bfdc0909bb2a690a2b0f19e80140bec8b51
- SSDEEP
  
  3072:c1iz3BJ7zLaST29CG5goUAplavWlZ/QJf3a8CgZZvCdxIxmUGHZlKIBkuyABcY9/:1z3DLLqOo6elZYt9PvvCHkGHPl6SBGc
Score

10^/10

smokeloader backdoor persistence pyinstaller trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoorpersistencepyinstallertrojan

© 2018-2025

Terms | Privacy