smokeloader | a8469c6679033a2461cc2590d3aeba4b257cb0e2dc6e4a2880de8be6e0c3e182 | Triage

Sharing

General

Target

a8469c6679033a2461cc2590d3aeba4b257cb0e2dc6e4a2880de8be6e0c3e182
Size

293KB
Sample

230328-zsfbpafa7t
MD5

8293d92d65233b051ec0c6dfe652a092
SHA1

01cb5c35f8cbf58003d1ab3cf8e3bd95713aed3e
SHA256

a8469c6679033a2461cc2590d3aeba4b257cb0e2dc6e4a2880de8be6e0c3e182
SHA512

c9d446b88dd2174208a4dbbd03a7a87a1d7163d68aeaaeb2920f1b0075abceede63d3c8a902f0b4cf72bcb41079db94de612459ad273e197babd3ec1969d7eee
SSDEEP

3072:30k/+V4A2FOs/YDxO4947ZsmhmWeq9WgoXhj4nM2KyxT/lWvQfo:TiMFbADxOhm9ky4nrp

Score

10^/10

smokeloader sprg backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

sprg

Extracted

Family

smokeloader

Version

2022

C2

http://hoh0aeghwugh2gie.com/

http://hie7doodohpae4na.com/

http://aek0aicifaloh1yo.com/

http://yic0oosaeiy7ahng.com/

http://wa5zu7sekai8xeih.com/

rc4.i32

rc4.i32

Targets

- Target
  
  a8469c6679033a2461cc2590d3aeba4b257cb0e2dc6e4a2880de8be6e0c3e182
- Size
  
  293KB
- MD5
  
  8293d92d65233b051ec0c6dfe652a092
- SHA1
  
  01cb5c35f8cbf58003d1ab3cf8e3bd95713aed3e
- SHA256
  
  a8469c6679033a2461cc2590d3aeba4b257cb0e2dc6e4a2880de8be6e0c3e182
- SHA512
  
  c9d446b88dd2174208a4dbbd03a7a87a1d7163d68aeaaeb2920f1b0075abceede63d3c8a902f0b4cf72bcb41079db94de612459ad273e197babd3ec1969d7eee
- SSDEEP
  
  3072:30k/+V4A2FOs/YDxO4947ZsmhmWeq9WgoXhj4nM2KyxT/lWvQfo:TiMFbADxOhm9ky4nrp
Score

10^/10

smokeloader sprg backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloadersprgbackdoortrojan