smokeloader

General

Target

f05bcbf9f67403c92d4f0ce94d8d43c9.exe
Size

565KB
Sample

230313-mbyqgshh33
MD5

f05bcbf9f67403c92d4f0ce94d8d43c9
SHA1

605cca854081d0c4db27835491ccda829cb47021
SHA256

d5202e8a72bb3eb70009068ff5d84a9babc1d99ce62f8d402db1d70903b972cd
SHA512

07193810e2f9df8ee4486b65ffb490788597bf27eedd6a130ab0afdb1b7d01dcdbb421c25aa8ffc46a45a8050a16d9ec3ada03eb92b5b06d8c021f6111958c3c
SSDEEP

12288:+foBOouaGxki2nRgV4YENsNAcAgRVL8v3Hh:+AM+n04Yms1AiL0

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

swo

Extracted

Family

smokeloader

Version

2020

C2

http://akmedia.in/js/k/index.php

http://bethesdaserukam.org/setting/k/index.php

http://stemschools.in/js/k/index.php

http://dejarestaurant.com/wp-admin/js/k/index.php

http://moabscript.ir/wp-admin/js/k/index.php

http://nicehybridseeds.com/image/catalog/k/index.php

http://imaker.io/picktail/js/k/index.php

http://nanavatisworld.com/assets/js/k/index.php

http://smartbubox.com/img/k/index.php

http://krigenpharmaceuticals.com/js/k/index.php

rc4.i32

Targets

- Target
  
  f05bcbf9f67403c92d4f0ce94d8d43c9.exe
- Size
  
  565KB
- MD5
  
  f05bcbf9f67403c92d4f0ce94d8d43c9
- SHA1
  
  605cca854081d0c4db27835491ccda829cb47021
- SHA256
  
  d5202e8a72bb3eb70009068ff5d84a9babc1d99ce62f8d402db1d70903b972cd
- SHA512
  
  07193810e2f9df8ee4486b65ffb490788597bf27eedd6a130ab0afdb1b7d01dcdbb421c25aa8ffc46a45a8050a16d9ec3ada03eb92b5b06d8c021f6111958c3c
- SSDEEP
  
  12288:+foBOouaGxki2nRgV4YENsNAcAgRVL8v3Hh:+AM+n04Yms1AiL0
Score

10^/10

smokeloader swo backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Executes dropped EXE

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2