smokeloader | 7aeac9679553ada579de239cadd28a6c4df0fecbf58369472030f2c3990687dc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

009dce107c48162923e7c55fe3a6ec74
Size

280KB
Sample

230323-ggypsafg2x
MD5

009dce107c48162923e7c55fe3a6ec74
SHA1

56e40fe908b956a595cc271ab64f06f8557b9ab3
SHA256

7aeac9679553ada579de239cadd28a6c4df0fecbf58369472030f2c3990687dc
SHA512

96d0904667f4968029c9a55393cdc346c62e0617c1b2d0404b07547b3769419cc5250ae6d3d98dee68c6fa4a56c16c1fcc69e4e19fb07be7203c2bc3e066d654
SSDEEP

1536:GkhXCxnMjlkNSCWjwb/wnYVRLqQffCfh+kAJ3eX5nREuutaZ0WOya/sHpM3aYwPm:eBk3CWjwb/wYV1xH+AJkRKaGv/sHpg

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://62.204.41.133/

https://62.204.41.133/

rc4.i32

rc4.i32

Targets

- Target
  
  009dce107c48162923e7c55fe3a6ec74
- Size
  
  280KB
- MD5
  
  009dce107c48162923e7c55fe3a6ec74
- SHA1
  
  56e40fe908b956a595cc271ab64f06f8557b9ab3
- SHA256
  
  7aeac9679553ada579de239cadd28a6c4df0fecbf58369472030f2c3990687dc
- SHA512
  
  96d0904667f4968029c9a55393cdc346c62e0617c1b2d0404b07547b3769419cc5250ae6d3d98dee68c6fa4a56c16c1fcc69e4e19fb07be7203c2bc3e066d654
- SSDEEP
  
  1536:GkhXCxnMjlkNSCWjwb/wnYVRLqQffCfh+kAJ3eX5nREuutaZ0WOya/sHpM3aYwPm:eBk3CWjwb/wYV1xH+AJkRKaGv/sHpg
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan