smokeloader | 595d22d790f57e4622d9583ae1544af1b2d445a95b760cb6e50f9d4d3b114e30 | Triage

Sharing

General

Target

595d22d790f57e4622d9583ae1544af1b2d445a95b760cb6e50f9d4d3b114e30
Size

329KB
Sample

230319-dxeeasgg2x
MD5

6e195bf95f1e6df5c96e31fa17d32c08
SHA1

2052fb8a54d776d48263bf7d7f0c397041108a1a
SHA256

595d22d790f57e4622d9583ae1544af1b2d445a95b760cb6e50f9d4d3b114e30
SHA512

cf1d92fa9ce81df1b69a597bbfc41ac9f522f6931f50a0c0648bb8d5dd53e75830dc3703c91820fd772f429c55336162c5eb248fddde9acb60b0136f1f368fe7
SSDEEP

3072:XOblUBU1iLh/HJ8MfsbhSe2eVl90k6Gtanp8h4luUmPfM6PW2eGa2PRVRtNIH:+b8U1iLlHJIbhlK75qhOujje2GW1IH

Score

10^/10

smokeloader sprg backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

sprg

Extracted

Family

smokeloader

Version

2022

C2

http://hoh0aeghwugh2gie.com/

http://hie7doodohpae4na.com/

http://aek0aicifaloh1yo.com/

http://yic0oosaeiy7ahng.com/

http://wa5zu7sekai8xeih.com/

rc4.i32

rc4.i32

Targets

- Target
  
  595d22d790f57e4622d9583ae1544af1b2d445a95b760cb6e50f9d4d3b114e30
- Size
  
  329KB
- MD5
  
  6e195bf95f1e6df5c96e31fa17d32c08
- SHA1
  
  2052fb8a54d776d48263bf7d7f0c397041108a1a
- SHA256
  
  595d22d790f57e4622d9583ae1544af1b2d445a95b760cb6e50f9d4d3b114e30
- SHA512
  
  cf1d92fa9ce81df1b69a597bbfc41ac9f522f6931f50a0c0648bb8d5dd53e75830dc3703c91820fd772f429c55336162c5eb248fddde9acb60b0136f1f368fe7
- SSDEEP
  
  3072:XOblUBU1iLh/HJ8MfsbhSe2eVl90k6Gtanp8h4luUmPfM6PW2eGa2PRVRtNIH:+b8U1iLlHJIbhlK75qhOujje2GW1IH
Score

10^/10

smokeloader sprg backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloadersprgbackdoortrojan