smokeloader

General

Target

swo.exe
Size

765KB
Sample

230627-e28pdada64
MD5

8f4f98c339659ea38113ad5e94ede789
SHA1

7b74182308aec51febdf17e596727e7e1ea1f55b
SHA256

28c4e1d6f79db8b5343fb42f8a7017709257765ac53274c3289c976650a08142
SHA512

12d2750f4a8152ab78aec979efd93f11b361229cc033dba789e3bb8fbfb13fe5d3ed2e8ee61e0f5b2c35c5a10c983871e1dd6e092fc6b74bc6d0b5fde45846a4
SSDEEP

12288:5Nk3yhlzZjIrUM0xTFd4QlgwGAoj4zzeKdi:57zz6rUM4FdjGUoj4zaKU

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

swo

Extracted

Family

smokeloader

Version

2020

C2

http://akmedia.in/js/k/index.php

http://bethesdaserukam.org/setting/k/index.php

http://stemschools.in/js/k/index.php

http://dejarestaurant.com/wp-admin/js/k/index.php

http://moabscript.ir/wp-admin/js/k/index.php

http://nicehybridseeds.com/image/catalog/k/index.php

http://imaker.io/picktail/js/k/index.php

http://nanavatisworld.com/assets/js/k/index.php

http://smartbubox.com/img/k/index.php

http://krigenpharmaceuticals.com/js/k/index.php

rc4.i32

Targets

- Target
  
  swo.exe
- Size
  
  765KB
- MD5
  
  8f4f98c339659ea38113ad5e94ede789
- SHA1
  
  7b74182308aec51febdf17e596727e7e1ea1f55b
- SHA256
  
  28c4e1d6f79db8b5343fb42f8a7017709257765ac53274c3289c976650a08142
- SHA512
  
  12d2750f4a8152ab78aec979efd93f11b361229cc033dba789e3bb8fbfb13fe5d3ed2e8ee61e0f5b2c35c5a10c983871e1dd6e092fc6b74bc6d0b5fde45846a4
- SSDEEP
  
  12288:5Nk3yhlzZjIrUM0xTFd4QlgwGAoj4zzeKdi:57zz6rUM4FdjGUoj4zaKU
Score

10^/10

smokeloader swo backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Executes dropped EXE

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2