smokeloader | cb703ad4579e744a3771e39b08134fff77c5cd172e8b0e11be941b7ccb2199f2 | Triage

Sharing

General

Target

cb703ad4579e744a3771e39b08134fff77c5cd172e8b0e11be941b7ccb2199f2
Size

288KB
Sample

230803-hs61zabg96
MD5

93975a8b4e591ef7b093c0918b3529a4
SHA1

1ee111b47e541435b139f728ec4626f544c257eb
SHA256

cb703ad4579e744a3771e39b08134fff77c5cd172e8b0e11be941b7ccb2199f2
SHA512

3728a80724acf0bd3e4f767abf8d4c6dc9386fc932381a74678c640b62f3bd71f864f7c4d0aa77dd203aa5badbf1a1a4f0fb8990a343200c052e9262ba7e193a
SSDEEP

3072:wN9NiWI5ZubuTLBJ0j+uyTcMuvwew0ulOGZ+BchFA0XKk+1HqVEWj:sz+5ZubKLBJ0jsTFuPw0eOqUCFAP1H

Score

10^/10

smokeloader 0020 backdoor evasion trojan

Malware Config

Extracted

Family

smokeloader

Botnet

0020

Extracted

Family

smokeloader

Version

2022

C2

https://nebraska-pizza.com/search.php

https://alaska-ships.com/search.php

rc4.i32

rc4.i32

Targets

- Target
  
  cb703ad4579e744a3771e39b08134fff77c5cd172e8b0e11be941b7ccb2199f2
- Size
  
  288KB
- MD5
  
  93975a8b4e591ef7b093c0918b3529a4
- SHA1
  
  1ee111b47e541435b139f728ec4626f544c257eb
- SHA256
  
  cb703ad4579e744a3771e39b08134fff77c5cd172e8b0e11be941b7ccb2199f2
- SHA512
  
  3728a80724acf0bd3e4f767abf8d4c6dc9386fc932381a74678c640b62f3bd71f864f7c4d0aa77dd203aa5badbf1a1a4f0fb8990a343200c052e9262ba7e193a
- SSDEEP
  
  3072:wN9NiWI5ZubuTLBJ0j+uyTcMuvwew0ulOGZ+BchFA0XKk+1HqVEWj:sz+5ZubKLBJ0jsTFuPw0eOqUCFAP1H
Score

10^/10

smokeloader 0020 backdoor trojan evasion
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Modifies Windows Firewall
  evasion
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Process Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloader0020backdoortrojan

behavioral2

smokeloader0020backdoorevasiontrojan