smokeloader | f17263a83ea1c51f172cf8021695a62904228bcc94c76a4f3aee92aa11d1531e | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

dridex

windows10-1703-x64

Sharing

General

Target

f17263a83ea1c51f172cf8021695a62904228bcc94c76a4f3aee92aa11d1531e
Size

235KB
Sample

230420-agczraeb76
MD5

f066332ccc81b918c04cdcab3b828c27
SHA1

4082bbb60d30dbcbfa95f921ab8d37f53d94b374
SHA256

f17263a83ea1c51f172cf8021695a62904228bcc94c76a4f3aee92aa11d1531e
SHA512

9f227a999089c3355a7df103997ccfcab080c59067271e5ae169e694851448c5d187566851cdba0f32282906edb337d9938ebde9e58cb932f3d138af92fff5c0
SSDEEP

3072:Mo4YHU2P1TYkOpeBqwDn3RBCStOvknEZ4F/z5L9dSajk4/owe3:FFHUoHOA3ySYvknEeD9d5g4/ve3

Score

10^/10

smokeloader sprg backdoor spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

f17263a83ea1c51f172cf8021695a62904228bcc94c76a4f3aee92aa11d1531e.exe

Resource

win10-20230220-en

smokeloader sprg backdoor spyware stealer trojan

windows10-1703-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

smokeloader

Botnet

sprg

Extracted

Family

smokeloader

Version

2022

C2

http://hoh0aeghwugh2gie.com/

http://hie7doodohpae4na.com/

http://aek0aicifaloh1yo.com/

http://yic0oosaeiy7ahng.com/

http://wa5zu7sekai8xeih.com/

rc4.i32

rc4.i32

Targets

- Target
  
  f17263a83ea1c51f172cf8021695a62904228bcc94c76a4f3aee92aa11d1531e
- Size
  
  235KB
- MD5
  
  f066332ccc81b918c04cdcab3b828c27
- SHA1
  
  4082bbb60d30dbcbfa95f921ab8d37f53d94b374
- SHA256
  
  f17263a83ea1c51f172cf8021695a62904228bcc94c76a4f3aee92aa11d1531e
- SHA512
  
  9f227a999089c3355a7df103997ccfcab080c59067271e5ae169e694851448c5d187566851cdba0f32282906edb337d9938ebde9e58cb932f3d138af92fff5c0
- SSDEEP
  
  3072:Mo4YHU2P1TYkOpeBqwDn3RBCStOvknEZ4F/z5L9dSajk4/owe3:FFHUoHOA3ySYvknEeD9d5g4/ve3
Score

10^/10

smokeloader sprg backdoor spyware stealer trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloadersprgbackdoorspywarestealertrojan

© 2018-2025

Terms | Privacy