smokeloader

General

Target

2487cb55ca95b48878951f446ad9bad2e36c7e0fe13861c56760dba446e1b3ea.zip
Size

166KB
Sample

230308-ne3z2sfh42
MD5

8ce82ecb195bebcdaa643c41247e24e5
SHA1

6adf482f3f266073fe023c36832e50cc363228f4
SHA256

4a640d3dfb08555a768227d2ff21cea8ff6216a0dd1af76116db979226919ae1
SHA512

e4e60d549b33c88a7534c5005fba169f5f4b98ba84c62e5881adba965790689765a3ac6845a93df529486709a93d1277336aa48f9e5845875aa02625d17aeaa3
SSDEEP

3072:NZqalRhw37YZLj7g+8+G6ZBjpWY9fnQnH+iHR6aJYA9VAv2pZj3YJ4SsuqWEB:NZPhw7q7lvjwUnoH+E6av9+v2roVsuEB

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://hoh0aeghwugh2gie.com/

http://hie7doodohpae4na.com/

http://aek0aicifaloh1yo.com/

http://yic0oosaeiy7ahng.com/

http://wa5zu7sekai8xeih.com/

rc4.i32

Targets

- Target
  
  2487cb55ca95b48878951f446ad9bad2e36c7e0fe13861c56760dba446e1b3ea.exe
- Size
  
  316KB
- MD5
  
  8d4f9140840fa96dc0d0c09ab4fe4723
- SHA1
  
  c7cb6ef0d52afe8527049093b1fc8d5e8de47215
- SHA256
  
  2487cb55ca95b48878951f446ad9bad2e36c7e0fe13861c56760dba446e1b3ea
- SHA512
  
  dc1c7ffc630cf97d76e3296a7a622ebfa49d9429b457239e6d86f389222fa46b1e715395a8b9cb1cd94fa4e37931c66d5353ded073ce9cca2e04ac0d92784370
- SSDEEP
  
  6144:z3J7LyWLKiz9O97JYgCXkeunZIT1c2oa:BmWWiRC7FC041/oa
Score

10^/10

smokeloader backdoor trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detects Smokeloader packer

Executes dropped EXE

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2