smokeloader | d079e9fcd6bb012db832d5e345a545d2778a01fd48c7171dd7113bdf34d14afe | Triage

Sharing

General

Target

d079e9fcd6bb012db832d5e345a545d2778a01fd48c7171dd7113bdf34d14afe
Size

359KB
Sample

230322-rkz25abb4w
MD5

f89a148ff6807589fd9614efa1ffdbe5
SHA1

8fa130320fbe773bf1493565d7e1243fdacbdebc
SHA256

d079e9fcd6bb012db832d5e345a545d2778a01fd48c7171dd7113bdf34d14afe
SHA512

1b8318cc4241d944c62a4f5ba643856ba6b465577334f0b62e6f002b45b7ccaf6365e9d3e9aecf492d00ef55f05d448d2a4f52ed49d7795fda53e73d5808eb01
SSDEEP

3072:dvSjln0JsB7j4Y5CNEq/KYEeyblPVcR3RXZXBCgD6bxE6nz/2tTJJ:+775YWNblkRBBCU+n6

Score

10^/10

smokeloader sprg backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

sprg

Extracted

Family

smokeloader

Version

2022

C2

http://hoh0aeghwugh2gie.com/

http://hie7doodohpae4na.com/

http://aek0aicifaloh1yo.com/

http://yic0oosaeiy7ahng.com/

http://wa5zu7sekai8xeih.com/

rc4.i32

rc4.i32

Targets

- Target
  
  d079e9fcd6bb012db832d5e345a545d2778a01fd48c7171dd7113bdf34d14afe
- Size
  
  359KB
- MD5
  
  f89a148ff6807589fd9614efa1ffdbe5
- SHA1
  
  8fa130320fbe773bf1493565d7e1243fdacbdebc
- SHA256
  
  d079e9fcd6bb012db832d5e345a545d2778a01fd48c7171dd7113bdf34d14afe
- SHA512
  
  1b8318cc4241d944c62a4f5ba643856ba6b465577334f0b62e6f002b45b7ccaf6365e9d3e9aecf492d00ef55f05d448d2a4f52ed49d7795fda53e73d5808eb01
- SSDEEP
  
  3072:dvSjln0JsB7j4Y5CNEq/KYEeyblPVcR3RXZXBCgD6bxE6nz/2tTJJ:+775YWNblkRBBCU+n6
Score

10^/10

smokeloader sprg backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloadersprgbackdoortrojan