smokeloader | 9248f3e9c4a8713ebdd58566b0f537b25f6b37dc19cdbe35ec9c3185887791a2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9248f3e9c4a8713ebdd58566b0f537b25f6b37dc19cdbe35ec9c3185887791a2
Size

197KB
Sample

230310-xn2m1sgg6t
MD5

3c4b8308858688e08b88c675c5643bd2
SHA1

cdd0011b7dc41b9fc809bb436126b87b34efc102
SHA256

9248f3e9c4a8713ebdd58566b0f537b25f6b37dc19cdbe35ec9c3185887791a2
SHA512

900027f27f61a83de154f9afa8c4838a2dd5dec7d2a17be7575853b4ffe300db93907c19a7e3fd600b5ccacff3cc6cf67ecd55dad344100a6eec1669692d78c0
SSDEEP

3072:GHxFmZkcuN+mneei8WkRozvL6LgD8BmcglCg1y2m:UFAkcf7eSuLgQIzCR

Score

10^/10

smokeloader sprg backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

sprg

Extracted

Family

smokeloader

Version

2022

C2

http://hoh0aeghwugh2gie.com/

http://hie7doodohpae4na.com/

http://aek0aicifaloh1yo.com/

http://yic0oosaeiy7ahng.com/

http://wa5zu7sekai8xeih.com/

rc4.i32

rc4.i32

Targets

- Target
  
  9248f3e9c4a8713ebdd58566b0f537b25f6b37dc19cdbe35ec9c3185887791a2
- Size
  
  197KB
- MD5
  
  3c4b8308858688e08b88c675c5643bd2
- SHA1
  
  cdd0011b7dc41b9fc809bb436126b87b34efc102
- SHA256
  
  9248f3e9c4a8713ebdd58566b0f537b25f6b37dc19cdbe35ec9c3185887791a2
- SHA512
  
  900027f27f61a83de154f9afa8c4838a2dd5dec7d2a17be7575853b4ffe300db93907c19a7e3fd600b5ccacff3cc6cf67ecd55dad344100a6eec1669692d78c0
- SSDEEP
  
  3072:GHxFmZkcuN+mneei8WkRozvL6LgD8BmcglCg1y2m:UFAkcf7eSuLgQIzCR
Score

10^/10

smokeloader sprg backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloadersprgbackdoortrojan