smokeloader | 7ff7b0d1717017b6b65fd01d3ee8725c7fec6bb3f2a81943d45ffe28bd12c2a0 | Triage

Sharing

General

Target

7ff7b0d1717017b6b65fd01d3ee8725c7fec6bb3f2a81943d45ffe28bd12c2a0
Size

267KB
Sample

230310-dkt9zsbe39
MD5

a0fec3efb133d769caea3c7583de0a43
SHA1

b75134e3038bfeb1a10ff008c8c20017420b7911
SHA256

7ff7b0d1717017b6b65fd01d3ee8725c7fec6bb3f2a81943d45ffe28bd12c2a0
SHA512

f674b01fd013259e12a8ab341dfe02d7ed7901696c9e28157f6761a374b88d814a72888d695d575d3f5d9acdda6a8066262c1755b33a74fcaa7652d855e23a3a
SSDEEP

6144:zL8dzGuZnhCsOaobyhmWDJgehQh4Eh+mEN:zSGuZhznDhm2JgehENEN

Score

10^/10

smokeloader sprg backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

sprg

Extracted

Family

smokeloader

Version

2022

C2

http://hoh0aeghwugh2gie.com/

http://hie7doodohpae4na.com/

http://aek0aicifaloh1yo.com/

http://yic0oosaeiy7ahng.com/

http://wa5zu7sekai8xeih.com/

rc4.i32

rc4.i32

Targets

- Target
  
  7ff7b0d1717017b6b65fd01d3ee8725c7fec6bb3f2a81943d45ffe28bd12c2a0
- Size
  
  267KB
- MD5
  
  a0fec3efb133d769caea3c7583de0a43
- SHA1
  
  b75134e3038bfeb1a10ff008c8c20017420b7911
- SHA256
  
  7ff7b0d1717017b6b65fd01d3ee8725c7fec6bb3f2a81943d45ffe28bd12c2a0
- SHA512
  
  f674b01fd013259e12a8ab341dfe02d7ed7901696c9e28157f6761a374b88d814a72888d695d575d3f5d9acdda6a8066262c1755b33a74fcaa7652d855e23a3a
- SSDEEP
  
  6144:zL8dzGuZnhCsOaobyhmWDJgehQh4Eh+mEN:zSGuZhznDhm2JgehENEN
Score

10^/10

smokeloader sprg backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloadersprgbackdoortrojan