smokeloader | 9b5c2dbbec55619e78139b4e39d27855ae450289fc22b10a08b7206946b83680 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0x00050000000186be-122.dat
Size

40KB
Sample

230806-ca533agh4z
MD5

32f23eb0e3fa65ecc2a83c88cdf48bad
SHA1

164bf52de147e2e603e384b0e279cb26f2f1b487
SHA256

9b5c2dbbec55619e78139b4e39d27855ae450289fc22b10a08b7206946b83680
SHA512

8f00a68109152a8f77c66f718b31d00d74b58a68f6a4be130ef7fbe6a4268ec741a69484d2aaa46d46809dd3b0548d3be94282982adb2da26f6f39d5146de8e2
SSDEEP

384:K9VD6tee+qUOTd2opQTLAdz1SvNmhpdvOjT7PbA6HBiTSnjxZMdP05ldpRMaYIBI:k6Qe+qUv8zcqdvOXA6XkPslJvGaVW

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32

rc4.i32

Targets

- Target
  
  0x00050000000186be-122.dat
- Size
  
  40KB
- MD5
  
  32f23eb0e3fa65ecc2a83c88cdf48bad
- SHA1
  
  164bf52de147e2e603e384b0e279cb26f2f1b487
- SHA256
  
  9b5c2dbbec55619e78139b4e39d27855ae450289fc22b10a08b7206946b83680
- SHA512
  
  8f00a68109152a8f77c66f718b31d00d74b58a68f6a4be130ef7fbe6a4268ec741a69484d2aaa46d46809dd3b0548d3be94282982adb2da26f6f39d5146de8e2
- SSDEEP
  
  384:K9VD6tee+qUOTd2opQTLAdz1SvNmhpdvOjT7PbA6HBiTSnjxZMdP05ldpRMaYIBI:k6Qe+qUv8zcqdvOXA6XkPslJvGaVW
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan