smokeloader | d59d37d920668cbd978787961f95085cf47e7bc91323384e7304cf830917d3a1 | Triage

Sharing

General

Target

d59d37d920668cbd978787961f95085cf47e7bc91323384e7304cf830917d3a1
Size

199KB
Sample

230310-mg5e8acg48
MD5

37a9f2f21d9309d3ab2f2f05a620345d
SHA1

1fa2b5f6d177850044c5ea4caf372d8b0edd234f
SHA256

d59d37d920668cbd978787961f95085cf47e7bc91323384e7304cf830917d3a1
SHA512

fba3b2b979139947b0fa79242f75d83f65acca398c035cc287265b378254442a01fe882251e75850c278088d6d8493504ced96e3675d7ef41f8274b6fb2ac9d2
SSDEEP

3072:svF26uNWZiEfUUu6Ga/kRtY7UuquUXsIKw65bB1OmcglpC:R6AWZ1vJkRtwPUXsIKzd15z

Score

10^/10

smokeloader sprg backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

sprg

Extracted

Family

smokeloader

Version

2022

C2

http://hoh0aeghwugh2gie.com/

http://hie7doodohpae4na.com/

http://aek0aicifaloh1yo.com/

http://yic0oosaeiy7ahng.com/

http://wa5zu7sekai8xeih.com/

rc4.i32

rc4.i32

Targets

- Target
  
  d59d37d920668cbd978787961f95085cf47e7bc91323384e7304cf830917d3a1
- Size
  
  199KB
- MD5
  
  37a9f2f21d9309d3ab2f2f05a620345d
- SHA1
  
  1fa2b5f6d177850044c5ea4caf372d8b0edd234f
- SHA256
  
  d59d37d920668cbd978787961f95085cf47e7bc91323384e7304cf830917d3a1
- SHA512
  
  fba3b2b979139947b0fa79242f75d83f65acca398c035cc287265b378254442a01fe882251e75850c278088d6d8493504ced96e3675d7ef41f8274b6fb2ac9d2
- SSDEEP
  
  3072:svF26uNWZiEfUUu6Ga/kRtY7UuquUXsIKw65bB1OmcglpC:R6AWZ1vJkRtwPUXsIKzd15z
Score

10^/10

smokeloader sprg backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloadersprgbackdoortrojan