smokeloader | 7dcaec1fe8503cfd46ca45f4ee41ba8ec95ad1d41adb22a73ddd53f5110d6c53 | Triage

Sharing

General

Target

7dcaec1fe8503cfd46ca45f4ee41ba8ec95ad1d41adb22a73ddd53f5110d6c53
Size

296KB
Sample

230328-r5hzcabf43
MD5

659ff246b73da70a59f5b756faf67d7c
SHA1

9488358099010bde234ea4e6bc28a49fa61b9667
SHA256

7dcaec1fe8503cfd46ca45f4ee41ba8ec95ad1d41adb22a73ddd53f5110d6c53
SHA512

29768a345b2e02efc4b2d6e65e1cc37e13c4889bc0ce140b57e9884a48ea0daca8dacfc41c650a8bed50540fa1947419a91e7ac5d7df48232baf782b3d80b00d
SSDEEP

3072:ycdyLgcdB5nDVRTtq1IeMYFPP3gUG/nYB8I4niDLBzMQl5OM6k/XIfqF9lmc2tot:T255nDLtqv3PG/g6i4M6WIfIstDDTS

Score

10^/10

smokeloader sprg backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

sprg

Extracted

Family

smokeloader

Version

2022

C2

http://hoh0aeghwugh2gie.com/

http://hie7doodohpae4na.com/

http://aek0aicifaloh1yo.com/

http://yic0oosaeiy7ahng.com/

http://wa5zu7sekai8xeih.com/

rc4.i32

rc4.i32

Targets

- Target
  
  7dcaec1fe8503cfd46ca45f4ee41ba8ec95ad1d41adb22a73ddd53f5110d6c53
- Size
  
  296KB
- MD5
  
  659ff246b73da70a59f5b756faf67d7c
- SHA1
  
  9488358099010bde234ea4e6bc28a49fa61b9667
- SHA256
  
  7dcaec1fe8503cfd46ca45f4ee41ba8ec95ad1d41adb22a73ddd53f5110d6c53
- SHA512
  
  29768a345b2e02efc4b2d6e65e1cc37e13c4889bc0ce140b57e9884a48ea0daca8dacfc41c650a8bed50540fa1947419a91e7ac5d7df48232baf782b3d80b00d
- SSDEEP
  
  3072:ycdyLgcdB5nDVRTtq1IeMYFPP3gUG/nYB8I4niDLBzMQl5OM6k/XIfqF9lmc2tot:T255nDLtqv3PG/g6i4M6WIfIstDDTS
Score

10^/10

smokeloader sprg backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloadersprgbackdoortrojan