smokeloader | 36fab7ee4c81707dad32ecd797a47bd156aa2fa1e713c3dded602c8c66f4e87e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

36fab7ee4c81707dad32ecd797a47bd156aa2fa1e713c3dded602c8c66f4e87e
Size

253KB
Sample

230722-14cklscd64
MD5

ae88d99cce44cd2db6fdc963aaebbf8a
SHA1

94141ddb86ba1b29d2342e16a2bfc764c9aa8f00
SHA256

36fab7ee4c81707dad32ecd797a47bd156aa2fa1e713c3dded602c8c66f4e87e
SHA512

90ebf1f999ce036e2ddcc44bf93d35238430d4f7bf1dfaae5cc768c6957943d4eed9decb0929975f35ceaf0801ad16b9a830cc6cc83ef1656e3554650cab8584
SSDEEP

3072:Dv0vmctfDANG3Q3QXiuNGperGnXbb6UDKzhcut06YC8nGCupV6/ud:YvhtbAE3Q4iujqLbRDycPC8nWpV6/u

Score

10^/10

smokeloader backdoor collection trojan

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

https://anydesk-my.com/faq/

http://anydesk-my.com/faq/

rc4.i32

rc4.i32

Targets

- Target
  
  36fab7ee4c81707dad32ecd797a47bd156aa2fa1e713c3dded602c8c66f4e87e
- Size
  
  253KB
- MD5
  
  ae88d99cce44cd2db6fdc963aaebbf8a
- SHA1
  
  94141ddb86ba1b29d2342e16a2bfc764c9aa8f00
- SHA256
  
  36fab7ee4c81707dad32ecd797a47bd156aa2fa1e713c3dded602c8c66f4e87e
- SHA512
  
  90ebf1f999ce036e2ddcc44bf93d35238430d4f7bf1dfaae5cc768c6957943d4eed9decb0929975f35ceaf0801ad16b9a830cc6cc83ef1656e3554650cab8584
- SSDEEP
  
  3072:Dv0vmctfDANG3Q3QXiuNGperGnXbb6UDKzhcut06YC8nGCupV6/ud:YvhtbAE3Q4iujqLbRDycPC8nWpV6/u
Score

10^/10

smokeloader backdoor trojan collection
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoorcollectiontrojan