smokeloader | 4fce1d0099d746c09f6e7a8ae41882cbb95070ab24843b1516b8a74ce65d3701 | Triage

Sharing

General

Target

DaHostexeexeexe.exe
Size

299KB
Sample

230630-rfzkssdc96
MD5

dabf4bf05dadea76f0a7b346eee48844
SHA1

1ea751f2c11f8f57f80cdc30826e38a551761828
SHA256

4fce1d0099d746c09f6e7a8ae41882cbb95070ab24843b1516b8a74ce65d3701
SHA512

8dc5a9d442fd6b95ab3a1a682ad80451131da2e5f74cc741b4bd4badfbbb31f002098c79c62ef77c4677703aefc2a698e2f97becd94b1ac0d58cd71629b73f23
SSDEEP

3072:12zYpE8kiiX63a0mkBxKvQ5RN3vKdjSj0mRLRLh7EkHot:cMO8kWK0mkTKo5RpvUcp9Ew

Score

10^/10

smokeloader backdoor collection trojan

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://suprememax.ga/

http://bloomberg.ga/

rc4.i32

rc4.i32

Targets

- Target
  
  DaHostexeexeexe.exe
- Size
  
  299KB
- MD5
  
  dabf4bf05dadea76f0a7b346eee48844
- SHA1
  
  1ea751f2c11f8f57f80cdc30826e38a551761828
- SHA256
  
  4fce1d0099d746c09f6e7a8ae41882cbb95070ab24843b1516b8a74ce65d3701
- SHA512
  
  8dc5a9d442fd6b95ab3a1a682ad80451131da2e5f74cc741b4bd4badfbbb31f002098c79c62ef77c4677703aefc2a698e2f97becd94b1ac0d58cd71629b73f23
- SSDEEP
  
  3072:12zYpE8kiiX63a0mkBxKvQ5RN3vKdjSj0mRLRLh7EkHot:cMO8kWK0mkTKo5RpvUcp9Ew
Score

10^/10

smokeloader backdoor trojan collection
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoorcollectiontrojan