smokeloader | 951b7f603b0657a51eebb5f875a76373d29dd084835b7dbb1419e648d535698d | Triage

Sharing

General

Target

b76b84ca83697613fb8d2a8bc116961c8aadab57ca385f8a3032d9399aeff01f.zip
Size

119KB
Sample

230310-nfk6maeh9x
MD5

affee664cb6d1a96ae0adccf70bf95e7
SHA1

caf8ed6109ee1a92dc8f12fcebe004653cd73404
SHA256

951b7f603b0657a51eebb5f875a76373d29dd084835b7dbb1419e648d535698d
SHA512

041bf1603339edf6528f6a36463afaf44e885f6a649550db3438bfeab78d2e9189f5f0e3ff4291909b06f8c60876c5595421169bcfba8b5e2d3eac8380b10dcd
SSDEEP

1536:jfaic1u/NQKLNXDc/lSIJkAulF3NiuVcipnmfdVwT+y4o3M3MQLr2JbIs/TedWbS:pcdqNwNSkQl53NQs5qMW6z/adUpNlhC

Score

10^/10

smokeloader backdoor collection trojan

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://ahead4scores.ac.ug/index.php

https://ahead4scores.ac.ug/index.php

rc4.i32

rc4.i32

Targets

- Target
  
  b76b84ca83697613fb8d2a8bc116961c8aadab57ca385f8a3032d9399aeff01f.exe
- Size
  
  164KB
- MD5
  
  f5e4f6e86f8c5cbd492e36ae2aa9f72d
- SHA1
  
  3d5be475174f64cb83886ea3109767686fe0bd0a
- SHA256
  
  b76b84ca83697613fb8d2a8bc116961c8aadab57ca385f8a3032d9399aeff01f
- SHA512
  
  51bfc69acfeeb6222c281a0380a65fc83fab342adaf876a81b90f1b869fe2878d20c47d3117d122d9d2732e3edbd8d496c8799d99905db1ce8060b8a20ccf06b
- SSDEEP
  
  3072:4IiV3N1ncO8WEmQSkDMeAUhL1zkeM5sOeVbfZgH:4FV9xn8WEmjkIebhJQeROtH
Score

10^/10

smokeloader backdoor trojan collection
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoorcollectiontrojan