smokeloader | 3bb98307c2020155ce2b4ff03c0e38a9882d83d643f3060e65e09bef2299dc38 | Triage

Sharing

General

Target

3bb98307c2020155ce2b4ff03c0e38a9882d83d643f3060e65e09bef2299dc38
Size

246KB
Sample

230329-f8dm9aeh43
MD5

86d13df6970d4435814dd56a9b1ca6ee
SHA1

4d13d581db3991ca7b7c2f900e618c129fe44431
SHA256

3bb98307c2020155ce2b4ff03c0e38a9882d83d643f3060e65e09bef2299dc38
SHA512

a9ee1048e6385056e8003649232ed6eeab7f2e6056bd74ead0f46ba08b8601cef2dda37a1b422917b731d6ca06efb9a47a354d50a17832eaa9e09c40ce142a47
SSDEEP

3072:/5INVuYlL0antE7Tqa8E+SbiAgcReTHYybEhfAQh5T1YPnDA:uNVlL0amTR8EyxcYahT1YPn

Score

10^/10

smokeloader sprg backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

sprg

Extracted

Family

smokeloader

Version

2022

C2

http://hoh0aeghwugh2gie.com/

http://hie7doodohpae4na.com/

http://aek0aicifaloh1yo.com/

http://yic0oosaeiy7ahng.com/

http://wa5zu7sekai8xeih.com/

rc4.i32

rc4.i32

Targets

- Target
  
  3bb98307c2020155ce2b4ff03c0e38a9882d83d643f3060e65e09bef2299dc38
- Size
  
  246KB
- MD5
  
  86d13df6970d4435814dd56a9b1ca6ee
- SHA1
  
  4d13d581db3991ca7b7c2f900e618c129fe44431
- SHA256
  
  3bb98307c2020155ce2b4ff03c0e38a9882d83d643f3060e65e09bef2299dc38
- SHA512
  
  a9ee1048e6385056e8003649232ed6eeab7f2e6056bd74ead0f46ba08b8601cef2dda37a1b422917b731d6ca06efb9a47a354d50a17832eaa9e09c40ce142a47
- SSDEEP
  
  3072:/5INVuYlL0antE7Tqa8E+SbiAgcReTHYybEhfAQh5T1YPnDA:uNVlL0amTR8EyxcYahT1YPn
Score

10^/10

smokeloader sprg backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloadersprgbackdoortrojan