smokeloader

Resubmissions

25-06-2023 01:15

230625-bl8snacg84 10

25-06-2023 00:56

230625-bajpdscg55 10

25-06-2023 00:44

230625-a3pknsdg2y 10

Sharing

Copy URL

Twitter E-mail

General

Target

78ad9e5dbc080327aa2b725b3278a9c53c85099ba86807b7943f11da1127c778
Size

220KB
Sample

230625-bajpdscg55
MD5

a780dd7a5ed788b79d157339f69bbad4
SHA1

7e10cd37e03420947d45c0374b05f23e058731e9
SHA256

78ad9e5dbc080327aa2b725b3278a9c53c85099ba86807b7943f11da1127c778
SHA512

e8da669acd35969e767fe475b387495122dfc6f208636a648a9213a1e7b7891d6e64ba2260d0a018f0e4f4d94f67ce126b8006795062837dff88f93a56b469dd
SSDEEP

3072:We8cGmnNsC8XA6K4T0MMeud1dl/E/axsfcEBwAuKvlGM5E5VJ:ycqC8XA6l+Hd1D/iLBwA1

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Version

2022

http://serverlogs37.xyz/statweb255/

http://servblog757.xyz/statweb255/

http://dexblog45.xyz/statweb255/

http://admlogs.online/statweb255/

http://blogstat355.xyz/statweb255/

http://blogstatserv25.xyz/statweb255/

rc4.i32

Targets

- Target
  
  78ad9e5dbc080327aa2b725b3278a9c53c85099ba86807b7943f11da1127c778
- Size
  
  220KB
- MD5
  
  a780dd7a5ed788b79d157339f69bbad4
- SHA1
  
  7e10cd37e03420947d45c0374b05f23e058731e9
- SHA256
  
  78ad9e5dbc080327aa2b725b3278a9c53c85099ba86807b7943f11da1127c778
- SHA512
  
  e8da669acd35969e767fe475b387495122dfc6f208636a648a9213a1e7b7891d6e64ba2260d0a018f0e4f4d94f67ce126b8006795062837dff88f93a56b469dd
- SSDEEP
  
  3072:We8cGmnNsC8XA6K4T0MMeud1dl/E/axsfcEBwAuKvlGM5E5VJ:ycqC8XA6l+Hd1D/iLBwA1
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2