smokeloader

General

Target

e34bf84f16df714eaf3d0c4bdeb5ed3b.exe
Size

250KB
Sample

230328-gzxkfabb2s
MD5

e34bf84f16df714eaf3d0c4bdeb5ed3b
SHA1

8e34d2764c1d9c707b874a23576d63c4b4135f4b
SHA256

942af905e90552cd7b35c1cda77866220dbf3732b3379ed18caa0b3e641b4ef5
SHA512

c5146a8ee610f0a223865c2f7c21be9477d1b195d7d43d82c907e35867f1dfbb892fa6251ea55a3077ea9e665ea54962ac98154ed7c92034fe552cf369054312
SSDEEP

6144:NiDsbZrkxL39ZsTF3lSEg3iwR3W+kxg8YI:8KrkxT9ZAF1toidq8Y

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

sprg

Extracted

Family

smokeloader

Version

2022

C2

http://hoh0aeghwugh2gie.com/

http://hie7doodohpae4na.com/

http://aek0aicifaloh1yo.com/

http://yic0oosaeiy7ahng.com/

http://wa5zu7sekai8xeih.com/

rc4.i32

Targets

- Target
  
  e34bf84f16df714eaf3d0c4bdeb5ed3b.exe
- Size
  
  250KB
- MD5
  
  e34bf84f16df714eaf3d0c4bdeb5ed3b
- SHA1
  
  8e34d2764c1d9c707b874a23576d63c4b4135f4b
- SHA256
  
  942af905e90552cd7b35c1cda77866220dbf3732b3379ed18caa0b3e641b4ef5
- SHA512
  
  c5146a8ee610f0a223865c2f7c21be9477d1b195d7d43d82c907e35867f1dfbb892fa6251ea55a3077ea9e665ea54962ac98154ed7c92034fe552cf369054312
- SSDEEP
  
  6144:NiDsbZrkxL39ZsTF3lSEg3iwR3W+kxg8YI:8KrkxT9ZAF1toidq8Y
Score

10^/10

smokeloader sprg backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2