smokeloader | 1d2f7cb23922d7718f37c0bf0503f36b3bd5805b4395da019d1d09148aad6e8b | Triage

Sharing

General

Target

5fad9a11081ecf50c16106ffc8777445.bin
Size

155KB
Sample

230712-bt3llsbe25
MD5

7e49bb80e14d9677045a01eede041639
SHA1

036b452c0fb01cbb09adcd35289028eaa41cac4e
SHA256

1d2f7cb23922d7718f37c0bf0503f36b3bd5805b4395da019d1d09148aad6e8b
SHA512

751882a2e310e44935c60f779ed4988906c333ecf4fb842af80bf1fb5310c29a423ba9cf135df40fe5eee315579988ae73257cef0e62ceffd25978e8b6be8eb5
SSDEEP

3072:GcZizo6FtjH2inEPDPRcEjPioJ87D1cdgZw2ZVPCNIiUJ+:GN9XH2AIWEjPioJU1cdYw2HQ

Score

10^/10

smokeloader summ backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

summ

Extracted

Family

smokeloader

Version

2022

C2

http://stalagmijesarl.com/

http://ukdantist-sarl.com/

http://cpcorprotationltd.com/

rc4.i32

rc4.i32

Targets

- Target
  
  8c3f095428d5283ec57391611e24689e88aa93e0a6868d6994d2e26761740ce3.exe
- Size
  
  240KB
- MD5
  
  5fad9a11081ecf50c16106ffc8777445
- SHA1
  
  0fdb015f0c016868a9d896be9ec8fd3f78c35ff2
- SHA256
  
  8c3f095428d5283ec57391611e24689e88aa93e0a6868d6994d2e26761740ce3
- SHA512
  
  dbbe37965eeb7442a521b0cf1d2bd039d79a6a9867674a3fe211be0f2b18cf21ba5f6fb9c0469742eef91dbca4bef4c2981a4adcb926cec011c3b86d39473fb4
- SSDEEP
  
  6144:TnLTzWdHub3CXG4V0GFNaNa2sBICvUH8snh/:DHzWds3EG4V0u4RsBICM9n
Score

10^/10

smokeloader summ backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloadersummbackdoortrojan

behavioral2

smokeloadersummbackdoortrojan