smokeloader | 1173d7bd9c7ef2e080400b5636e07f7195d08b5d5ea06dd686ed3a99951c82a3 | Triage

Sharing

General

Target

1173d7bd9c7ef2e080400b5636e07f7195d08b5d5ea06dd686ed3a99951c82a3
Size

297KB
Sample

230328-v18wracc25
MD5

7b1f8e9efd3695e7d7b9426863c210fd
SHA1

2138360299267ef49d092ef5573661ab3fe91225
SHA256

1173d7bd9c7ef2e080400b5636e07f7195d08b5d5ea06dd686ed3a99951c82a3
SHA512

30e00a4e7348a5f1edd5dac249dfa05b7313a6a0a84b054e0b4d54f3ecb134abed3726069cf917a868c4f5ee0210c8dc52da096999807bfc3afc5e744099ca8b
SSDEEP

3072:JbQ1zKwmBRTyzgJ4E6euMl1T11oq3aJDW6oUR1Q/bv7B8TUUTuBWvQfu:RoqBRTn4EBu2h6oEm/bjB84Pb

Score

10^/10

smokeloader sprg backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

sprg

Extracted

Family

smokeloader

Version

2022

C2

http://hoh0aeghwugh2gie.com/

http://hie7doodohpae4na.com/

http://aek0aicifaloh1yo.com/

http://yic0oosaeiy7ahng.com/

http://wa5zu7sekai8xeih.com/

rc4.i32

rc4.i32

Targets

- Target
  
  1173d7bd9c7ef2e080400b5636e07f7195d08b5d5ea06dd686ed3a99951c82a3
- Size
  
  297KB
- MD5
  
  7b1f8e9efd3695e7d7b9426863c210fd
- SHA1
  
  2138360299267ef49d092ef5573661ab3fe91225
- SHA256
  
  1173d7bd9c7ef2e080400b5636e07f7195d08b5d5ea06dd686ed3a99951c82a3
- SHA512
  
  30e00a4e7348a5f1edd5dac249dfa05b7313a6a0a84b054e0b4d54f3ecb134abed3726069cf917a868c4f5ee0210c8dc52da096999807bfc3afc5e744099ca8b
- SSDEEP
  
  3072:JbQ1zKwmBRTyzgJ4E6euMl1T11oq3aJDW6oUR1Q/bv7B8TUUTuBWvQfu:RoqBRTn4EBu2h6oEm/bjB84Pb
Score

10^/10

smokeloader sprg backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloadersprgbackdoortrojan