smokeloader

General

Target

setup.exe
Size

305KB
Sample

230329-bzn1eafh9z
MD5

7153a161818859a8793fd899129316e1
SHA1

0f7897476df446e2ebb5ab31288ec7326b94a5c3
SHA256

9f3c46c4d9856b0b6036e1798f1ad22d91ab5809ca97211373b962f0a05352ae
SHA512

8c9aecf79d598d391c2adb5d811c6ef875db8ab816cdf2652992c3b71a1d6f1c335e442cc54e9bab39a8b30918c1bae6d5d83499daf3c2bed45d113006eadea9
SSDEEP

3072:ZC+dcVZgf1DGAxOoGsY00UOH+yUs3nW+UfkSD7cWGQXBPSJEloTAWvQfo:NdLf1DlHG60UInlSDwnQXBl9

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

sprg

Extracted

Family

smokeloader

Version

2022

C2

http://hoh0aeghwugh2gie.com/

http://hie7doodohpae4na.com/

http://aek0aicifaloh1yo.com/

http://yic0oosaeiy7ahng.com/

http://wa5zu7sekai8xeih.com/

rc4.i32

Targets

- Target
  
  setup.exe
- Size
  
  305KB
- MD5
  
  7153a161818859a8793fd899129316e1
- SHA1
  
  0f7897476df446e2ebb5ab31288ec7326b94a5c3
- SHA256
  
  9f3c46c4d9856b0b6036e1798f1ad22d91ab5809ca97211373b962f0a05352ae
- SHA512
  
  8c9aecf79d598d391c2adb5d811c6ef875db8ab816cdf2652992c3b71a1d6f1c335e442cc54e9bab39a8b30918c1bae6d5d83499daf3c2bed45d113006eadea9
- SSDEEP
  
  3072:ZC+dcVZgf1DGAxOoGsY00UOH+yUs3nW+UfkSD7cWGQXBPSJEloTAWvQfo:NdLf1DlHG60UInlSDwnQXBl9
Score

10^/10

smokeloader sprg backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Executes dropped EXE

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2