smokeloader | 387e053c28b9c0fbb7749da52d4db404caf5483f9f4a3a56981cf59b1fb7b658 | Triage

Sharing

General

Target

387e053c28b9c0fbb7749da52d4db404caf5483f9f4a3a56981cf59b1fb7b658
Size

224KB
Sample

230329-bhyhhseb72
MD5

5e3a6bec7a92d30dec303dd335ea7f92
SHA1

82bf71f1856a62c24e8c8d902d53dba99008550f
SHA256

387e053c28b9c0fbb7749da52d4db404caf5483f9f4a3a56981cf59b1fb7b658
SHA512

27341b567c888de5109da8fb27640a6b4ff2165957872923eac7cbb7ad434bc29558d913930112cdb84976d3df9a267186aae891ea89fcd825a2502c54ea8813
SSDEEP

3072:1YjdIs1K3dVAVIw0DVtyTgMr0ojauaLif/zxWHM6VyiaD5UE1ElCETy9Y:y+H0VirKnaLI/zxj6VxOUEKl

Score

10^/10

smokeloader sprg backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

sprg

Extracted

Family

smokeloader

Version

2022

C2

http://hoh0aeghwugh2gie.com/

http://hie7doodohpae4na.com/

http://aek0aicifaloh1yo.com/

http://yic0oosaeiy7ahng.com/

http://wa5zu7sekai8xeih.com/

rc4.i32

rc4.i32

Targets

- Target
  
  387e053c28b9c0fbb7749da52d4db404caf5483f9f4a3a56981cf59b1fb7b658
- Size
  
  224KB
- MD5
  
  5e3a6bec7a92d30dec303dd335ea7f92
- SHA1
  
  82bf71f1856a62c24e8c8d902d53dba99008550f
- SHA256
  
  387e053c28b9c0fbb7749da52d4db404caf5483f9f4a3a56981cf59b1fb7b658
- SHA512
  
  27341b567c888de5109da8fb27640a6b4ff2165957872923eac7cbb7ad434bc29558d913930112cdb84976d3df9a267186aae891ea89fcd825a2502c54ea8813
- SSDEEP
  
  3072:1YjdIs1K3dVAVIw0DVtyTgMr0ojauaLif/zxWHM6VyiaD5UE1ElCETy9Y:y+H0VirKnaLI/zxj6VxOUEKl
Score

10^/10

smokeloader sprg backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloadersprgbackdoortrojan