smokeloader | c9d3dcea437505d49eb47611638834c3eb298f5b9a466dab630bf0d1fb753710 | Triage

Sharing

General

Target

c9d3dcea437505d49eb47611638834c3eb298f5b9a466dab630bf0d1fb753710
Size

270KB
Sample

230328-jabb1sbd5z
MD5

2e1a051cc27949da59d3678bf4f3cce2
SHA1

9086052254cbab760bea3014b18676f456f24f8f
SHA256

c9d3dcea437505d49eb47611638834c3eb298f5b9a466dab630bf0d1fb753710
SHA512

815c528c6eb04a1b7ab1a00e9febe9f7b4569bb6bab4d40c05092c89c82eb190d7239f89a994d2be5065cc7151d382c71de245b73a0813775a73323cf2688f21
SSDEEP

3072:WOmQZGWJoEZpBeAhzt8vfVlCseWymfZIz26CauqdRb8XeLardHpDlh5lmhZ:0zWLZpBxhzu2WL+FbP8hZ0

Score

10^/10

smokeloader sprg backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

sprg

Extracted

Family

smokeloader

Version

2022

C2

http://hoh0aeghwugh2gie.com/

http://hie7doodohpae4na.com/

http://aek0aicifaloh1yo.com/

http://yic0oosaeiy7ahng.com/

http://wa5zu7sekai8xeih.com/

rc4.i32

rc4.i32

Targets

- Target
  
  c9d3dcea437505d49eb47611638834c3eb298f5b9a466dab630bf0d1fb753710
- Size
  
  270KB
- MD5
  
  2e1a051cc27949da59d3678bf4f3cce2
- SHA1
  
  9086052254cbab760bea3014b18676f456f24f8f
- SHA256
  
  c9d3dcea437505d49eb47611638834c3eb298f5b9a466dab630bf0d1fb753710
- SHA512
  
  815c528c6eb04a1b7ab1a00e9febe9f7b4569bb6bab4d40c05092c89c82eb190d7239f89a994d2be5065cc7151d382c71de245b73a0813775a73323cf2688f21
- SSDEEP
  
  3072:WOmQZGWJoEZpBeAhzt8vfVlCseWymfZIz26CauqdRb8XeLardHpDlh5lmhZ:0zWLZpBxhzu2WL+FbP8hZ0
Score

10^/10

smokeloader sprg backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloadersprgbackdoortrojan