smokeloader | b709cb44974a19f39b89c405ca9dd4988ecc6b7e9bef72ab7754a4d254ad458e | Triage

Sharing

General

Target

b709cb44974a19f39b89c405ca9dd4988ecc6b7e9bef72ab7754a4d254ad458e
Size

295KB
Sample

230328-qwslrach8z
MD5

ebea8fc47d11d4b5c579edfc1eb535c7
SHA1

feb21108d8bed58a7dff3d84b4919584980c1d8a
SHA256

b709cb44974a19f39b89c405ca9dd4988ecc6b7e9bef72ab7754a4d254ad458e
SHA512

a1446de6eab414393b3edf614b19067824347be5fb7a0f5aa1a5bc811a551e82f24a2f5ef7d1e678d5c9885cb6348ccf2ce429236d4e2beb376e6a163a9733e0
SSDEEP

3072:eEd27685mmorMgX3BCIOM+WP97qo2ysgt4+c/as3Ax8+u7llmc2toiDTBg:vGYmorD3Bh7qWJuD+FtDDTS

Score

10^/10

smokeloader sprg backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

sprg

Extracted

Family

smokeloader

Version

2022

C2

http://hoh0aeghwugh2gie.com/

http://hie7doodohpae4na.com/

http://aek0aicifaloh1yo.com/

http://yic0oosaeiy7ahng.com/

http://wa5zu7sekai8xeih.com/

rc4.i32

rc4.i32

Targets

- Target
  
  b709cb44974a19f39b89c405ca9dd4988ecc6b7e9bef72ab7754a4d254ad458e
- Size
  
  295KB
- MD5
  
  ebea8fc47d11d4b5c579edfc1eb535c7
- SHA1
  
  feb21108d8bed58a7dff3d84b4919584980c1d8a
- SHA256
  
  b709cb44974a19f39b89c405ca9dd4988ecc6b7e9bef72ab7754a4d254ad458e
- SHA512
  
  a1446de6eab414393b3edf614b19067824347be5fb7a0f5aa1a5bc811a551e82f24a2f5ef7d1e678d5c9885cb6348ccf2ce429236d4e2beb376e6a163a9733e0
- SSDEEP
  
  3072:eEd27685mmorMgX3BCIOM+WP97qo2ysgt4+c/as3Ax8+u7llmc2toiDTBg:vGYmorD3Bh7qWJuD+FtDDTS
Score

10^/10

smokeloader sprg backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloadersprgbackdoortrojan