smokeloader | 1a49bbcceb07f924f470f574bff3b7ad9d0622026e48af4a9f60b8c6fe072130 | Triage

Sharing

General

Target

1a49bbcceb07f924f470f574bff3b7ad9d0622026e48af4a9f60b8c6fe072130
Size

270KB
Sample

230328-hvbylsbc5x
MD5

57caa38821163a93ba5b64503740783c
SHA1

079d4362ab22c59000d75ff08ca121b61b9d40f9
SHA256

1a49bbcceb07f924f470f574bff3b7ad9d0622026e48af4a9f60b8c6fe072130
SHA512

e410c112cfbdbb97b45ccf408b9372b2921c1bd84adc777efb92172570eeed367272be7b32df858a66b48ef08257796a47b777e041700c19475be1f0dcbdc397
SSDEEP

3072:bz9QZ1WJo0DxhQghTN8v/CCRkxcYw9sgrrqTKdwKsTOmQ90ZlmhU:lUWzDxhnhTAkxPwFrqTKKKqTPV

Score

10^/10

smokeloader sprg backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

sprg

Extracted

Family

smokeloader

Version

2022

C2

http://hoh0aeghwugh2gie.com/

http://hie7doodohpae4na.com/

http://aek0aicifaloh1yo.com/

http://yic0oosaeiy7ahng.com/

http://wa5zu7sekai8xeih.com/

rc4.i32

rc4.i32

Targets

- Target
  
  1a49bbcceb07f924f470f574bff3b7ad9d0622026e48af4a9f60b8c6fe072130
- Size
  
  270KB
- MD5
  
  57caa38821163a93ba5b64503740783c
- SHA1
  
  079d4362ab22c59000d75ff08ca121b61b9d40f9
- SHA256
  
  1a49bbcceb07f924f470f574bff3b7ad9d0622026e48af4a9f60b8c6fe072130
- SHA512
  
  e410c112cfbdbb97b45ccf408b9372b2921c1bd84adc777efb92172570eeed367272be7b32df858a66b48ef08257796a47b777e041700c19475be1f0dcbdc397
- SSDEEP
  
  3072:bz9QZ1WJo0DxhQghTN8v/CCRkxcYw9sgrrqTKdwKsTOmQ90ZlmhU:lUWzDxhnhTAkxPwFrqTKKKqTPV
Score

10^/10

smokeloader sprg backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloadersprgbackdoortrojan