smokeloader | 27e504a42c3944d20c4e3475f6f0d176af0e65bd99f66ab9ac4a6bc82b94eb71 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

27e504a42c3944d20c4e3475f6f0d176af0e65bd99f66ab9ac4a6bc82b94eb71
Size

321KB
Sample

230512-xbzynagd2w
MD5

76e988bb8f7c12d3a626a23e5eac59b5
SHA1

9d00d2e0f9df810755a0cbac5d2257d5c625e2cd
SHA256

27e504a42c3944d20c4e3475f6f0d176af0e65bd99f66ab9ac4a6bc82b94eb71
SHA512

c6bc58086daf3e49bad2ce81d753b2abcf93e1fc1608ac16d8225db83b52a9e743c2f04326fcaf58bf91342f50d74e8ccd37d6318645e0589b0d4775336abd94
SSDEEP

3072:uoz4bSc2zbv597lhYzxiJ+QykgBSrPYE/i1Il6WRZj0DKd/9ze/p7t:imLj59RWzL4mYPYE/Qk7fjQKW

Score

10^/10

smokeloader sprg backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

sprg

Extracted

Family

smokeloader

Version

2022

C2

http://hoh0aeghwugh2gie.com/

http://hie7doodohpae4na.com/

http://aek0aicifaloh1yo.com/

http://yic0oosaeiy7ahng.com/

http://wa5zu7sekai8xeih.com/

rc4.i32

rc4.i32

Targets

- Target
  
  27e504a42c3944d20c4e3475f6f0d176af0e65bd99f66ab9ac4a6bc82b94eb71
- Size
  
  321KB
- MD5
  
  76e988bb8f7c12d3a626a23e5eac59b5
- SHA1
  
  9d00d2e0f9df810755a0cbac5d2257d5c625e2cd
- SHA256
  
  27e504a42c3944d20c4e3475f6f0d176af0e65bd99f66ab9ac4a6bc82b94eb71
- SHA512
  
  c6bc58086daf3e49bad2ce81d753b2abcf93e1fc1608ac16d8225db83b52a9e743c2f04326fcaf58bf91342f50d74e8ccd37d6318645e0589b0d4775336abd94
- SSDEEP
  
  3072:uoz4bSc2zbv597lhYzxiJ+QykgBSrPYE/i1Il6WRZj0DKd/9ze/p7t:imLj59RWzL4mYPYE/Qk7fjQKW
Score

10^/10

smokeloader sprg backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloadersprgbackdoortrojan