smokeloader | 0e2695c0e13c0c42a1e2b414631e8f120e00348aaa3b4e2b7655861d4e38e8d0 | Triage

Sharing

General

Target

0e2695c0e13c0c42a1e2b414631e8f120e00348aaa3b4e2b7655861d4e38e8d0
Size

264KB
Sample

230505-p2q5faaf36
MD5

a5aba859972d7f7555fa35b640fdbdbf
SHA1

a240cc388b0d2f41eb8b9f4d9c84debc508a21ac
SHA256

0e2695c0e13c0c42a1e2b414631e8f120e00348aaa3b4e2b7655861d4e38e8d0
SHA512

4938cd383f1e8a5ea4e00c5a58a6b46686fc60d8969205a49eb74a24e26a3b9e1aece6d077608ad9f580a8bb234accd65f94c6b179235d19734d9b7db7456d52
SSDEEP

6144:u4c98HS5DPiej+CleAuRaLtn0v2lFKNol:zceHSBPXNuRal0v2WNC

Score

10^/10

smokeloader sprg backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

sprg

Extracted

Family

smokeloader

Version

2022

C2

http://hoh0aeghwugh2gie.com/

http://hie7doodohpae4na.com/

http://aek0aicifaloh1yo.com/

http://yic0oosaeiy7ahng.com/

http://wa5zu7sekai8xeih.com/

rc4.i32

rc4.i32

Targets

- Target
  
  0e2695c0e13c0c42a1e2b414631e8f120e00348aaa3b4e2b7655861d4e38e8d0
- Size
  
  264KB
- MD5
  
  a5aba859972d7f7555fa35b640fdbdbf
- SHA1
  
  a240cc388b0d2f41eb8b9f4d9c84debc508a21ac
- SHA256
  
  0e2695c0e13c0c42a1e2b414631e8f120e00348aaa3b4e2b7655861d4e38e8d0
- SHA512
  
  4938cd383f1e8a5ea4e00c5a58a6b46686fc60d8969205a49eb74a24e26a3b9e1aece6d077608ad9f580a8bb234accd65f94c6b179235d19734d9b7db7456d52
- SSDEEP
  
  6144:u4c98HS5DPiej+CleAuRaLtn0v2lFKNol:zceHSBPXNuRal0v2WNC
Score

10^/10

smokeloader sprg backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloadersprgbackdoortrojan