smokeloader

General

Target

59ab8997244079855e9af6aa577cb8c3.bin
Size

164KB
Sample

230328-bypkjsgc68
MD5

8eb4063872befcc87ed48bdbaccf4023
SHA1

ec3810d707ac076dfc6aa3f4defc1f36ff5f9e8c
SHA256

097253ddd8316eb2195b8cb0a8f39fcffdb615d4969c562b42b247649b2eaba2
SHA512

0c3ad9b72fc83a684335cac651793e52222f70b76900155842651abb3e04b753f183d2b2ba317501c3b498e1a497e1621bc95c0d254b31c097eac25d5bf67875
SSDEEP

3072:jcijHutl84jYJBBRB485IqzdjjdVD7kqHOsMcmLyMLWQDRTNnNuOwO/tShXJ5CGm:Air0uuqn9VHkWBBmLyMLndTpBSzVPxm5

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

sprg

Extracted

Family

smokeloader

Version

2022

C2

http://hoh0aeghwugh2gie.com/

http://hie7doodohpae4na.com/

http://aek0aicifaloh1yo.com/

http://yic0oosaeiy7ahng.com/

http://wa5zu7sekai8xeih.com/

rc4.i32

Targets

- Target
  
  9f253f6abcd703cb920e2825df26b468164d15ca2d50f154a5b12fbf84c05ca5.exe
- Size
  
  274KB
- MD5
  
  59ab8997244079855e9af6aa577cb8c3
- SHA1
  
  0aecd525dddccda85aec5ea07a5648cfa8fad1e9
- SHA256
  
  9f253f6abcd703cb920e2825df26b468164d15ca2d50f154a5b12fbf84c05ca5
- SHA512
  
  66188ad1bd708fd2e11aec23b638048bd8aae63c55091805a8c445884dbe5405db4f3809c9cb0600185dd31db2842d2023f937827260d23926a6a83db11c5ee7
- SSDEEP
  
  3072:j3uRWX6TzugTWRYcSu6u+bZh7YzgNIs8ukBosYg3/rGpNN4TJY:iX1TSYcby38uoL/r8NN4T
Score

10^/10

smokeloader sprg backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2