smokeloader | 766374196d4e79bd565eba19f4fa3a822f7451ff57ba9b3d9e13e24276d5edd5 | Triage

Sharing

General

Target

766374196d4e79bd565eba19f4fa3a822f7451ff57ba9b3d9e13e24276d5edd5
Size

295KB
Sample

230328-w8z49aec2s
MD5

16a3c84422b5e8933e27cb6b873746ab
SHA1

80d718e83454d9fee5832a1ce50d136e0645c00f
SHA256

766374196d4e79bd565eba19f4fa3a822f7451ff57ba9b3d9e13e24276d5edd5
SHA512

e70efe05ec3777f122b89391c896197f8ce6584d125d67aba8db164d8cf827d9c1f32d53197168f44732535dc61cc8022d7deb36b5985538dcdf7e60baf5a7ba
SSDEEP

3072:+eQlnqA8VNF9giHti/YeIe6M39TCLUF61+PHwmxEylbxyxFWYTgWvQfC:dMQLgiMYe3M1+/wmxpxG+

Score

10^/10

smokeloader sprg backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

sprg

Extracted

Family

smokeloader

Version

2022

C2

http://hoh0aeghwugh2gie.com/

http://hie7doodohpae4na.com/

http://aek0aicifaloh1yo.com/

http://yic0oosaeiy7ahng.com/

http://wa5zu7sekai8xeih.com/

rc4.i32

rc4.i32

Targets

- Target
  
  766374196d4e79bd565eba19f4fa3a822f7451ff57ba9b3d9e13e24276d5edd5
- Size
  
  295KB
- MD5
  
  16a3c84422b5e8933e27cb6b873746ab
- SHA1
  
  80d718e83454d9fee5832a1ce50d136e0645c00f
- SHA256
  
  766374196d4e79bd565eba19f4fa3a822f7451ff57ba9b3d9e13e24276d5edd5
- SHA512
  
  e70efe05ec3777f122b89391c896197f8ce6584d125d67aba8db164d8cf827d9c1f32d53197168f44732535dc61cc8022d7deb36b5985538dcdf7e60baf5a7ba
- SSDEEP
  
  3072:+eQlnqA8VNF9giHti/YeIe6M39TCLUF61+PHwmxEylbxyxFWYTgWvQfC:dMQLgiMYe3M1+/wmxpxG+
Score

10^/10

smokeloader sprg backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloadersprgbackdoortrojan