smokeloader

General

Target

57a8ecaee021fbffd08b27cd2f67ff88.exe
Size

585KB
Sample

230313-h497rsba8s
MD5

57a8ecaee021fbffd08b27cd2f67ff88
SHA1

56df20ecf3bac9dc4d9d0c230b95d09cb272c4e2
SHA256

999ae9856f3df7405d491edac3bdac882351623f63586472336957bc379285d6
SHA512

7e95b34e54557124e1f82d7a5dcd81bdcd6d60c5fbe111a12397cb956e0417352991c16704095aba7da7d8bfe7baf3bdc8821495ee1cb6d5a15822291b785311
SSDEEP

12288:Ax353lnE5BhWH78QM8I9wjvHhKDMZqTLhs:Ax3tlnE5KbXWsvQAZcLh

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

swo

Extracted

Family

smokeloader

Version

2020

C2

http://akmedia.in/js/k/index.php

http://bethesdaserukam.org/setting/k/index.php

http://stemschools.in/js/k/index.php

http://dejarestaurant.com/wp-admin/js/k/index.php

http://moabscript.ir/wp-admin/js/k/index.php

http://nicehybridseeds.com/image/catalog/k/index.php

http://imaker.io/picktail/js/k/index.php

http://nanavatisworld.com/assets/js/k/index.php

http://smartbubox.com/img/k/index.php

http://krigenpharmaceuticals.com/js/k/index.php

rc4.i32

Targets

- Target
  
  57a8ecaee021fbffd08b27cd2f67ff88.exe
- Size
  
  585KB
- MD5
  
  57a8ecaee021fbffd08b27cd2f67ff88
- SHA1
  
  56df20ecf3bac9dc4d9d0c230b95d09cb272c4e2
- SHA256
  
  999ae9856f3df7405d491edac3bdac882351623f63586472336957bc379285d6
- SHA512
  
  7e95b34e54557124e1f82d7a5dcd81bdcd6d60c5fbe111a12397cb956e0417352991c16704095aba7da7d8bfe7baf3bdc8821495ee1cb6d5a15822291b785311
- SSDEEP
  
  12288:Ax353lnE5BhWH78QM8I9wjvHhKDMZqTLhs:Ax3tlnE5KbXWsvQAZcLh
Score

10^/10

smokeloader swo backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Executes dropped EXE

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2