smokeloader | a51b880c04fcc66cc1c561b3b490b04db675f2775bbf1dfc299572d2401e706d | Triage

Submit
Reports

Overview

overview

Static

static

3

file.exe

windows7-x64

file.exe

windows10-2004-x64

Sharing

General

Target

file
Size

241KB
Sample

230606-qlm9aaed2t
MD5

dc076ed6da7792af479120129fad2716
SHA1

5950886a02ed459d9ffa92b98a1c4b0462e0de88
SHA256

a51b880c04fcc66cc1c561b3b490b04db675f2775bbf1dfc299572d2401e706d
SHA512

e58ff229a7649f58f75ed3fba90c72be7d1b378a9f8d2e184039dd9bbd7b04e925a556f410176b4711497caa7edbc7bff87d1e09870077cabf338def098e8a85
SSDEEP

3072:zfFQgZdMFWaC7RMgxSMGyfTuyyHM3IZcY+5wxv+mG+O3VKdFp7CnYTRqKV/c:zFQkMFxhgxSMGyyLUzSR+1+GXYM

Score

10^/10

smokeloader pub1 backdoor discovery spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

file.exe

Resource

win7-20230220-en

smokeloader pub1 backdoor trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v2004-20230220-en

smokeloader pub1 backdoor discovery spyware stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://toobussy.com/tmp/

http://wuc11.com/tmp/

http://ladogatur.ru/tmp/

http://kingpirate.ru/tmp/

rc4.i32

rc4.i32

Targets

- Target
  
  file
- Size
  
  241KB
- MD5
  
  dc076ed6da7792af479120129fad2716
- SHA1
  
  5950886a02ed459d9ffa92b98a1c4b0462e0de88
- SHA256
  
  a51b880c04fcc66cc1c561b3b490b04db675f2775bbf1dfc299572d2401e706d
- SHA512
  
  e58ff229a7649f58f75ed3fba90c72be7d1b378a9f8d2e184039dd9bbd7b04e925a556f410176b4711497caa7edbc7bff87d1e09870077cabf338def098e8a85
- SSDEEP
  
  3072:zfFQgZdMFWaC7RMgxSMGyfTuyyHM3IZcY+5wxv+mG+O3VKdFp7CnYTRqKV/c:zFQkMFxhgxSMGyyLUzSR+1+GXYM
Score

10^/10

smokeloader pub1 backdoor trojan discovery spyware stealer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan

behavioral2

smokeloaderpub1backdoordiscoveryspywarestealertrojan

© 2018-2024

Terms | Privacy