smokeloader | 8823b9a0c71ed9de32bede2f8925f78bdff0c5a16621978a66ede52dc9fa23d5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8823b9a0c71ed9de32bede2f8925f78bdff0c5a16621978a66ede52dc9fa23d5_JC.exe
Size

39KB
Sample

230806-phbkmsbf3z
MD5

33f6991f38f3723ef7bf69aa99c6a239
SHA1

2fc073e578a98749eafcc9def2c4c2beb1fcf8d0
SHA256

8823b9a0c71ed9de32bede2f8925f78bdff0c5a16621978a66ede52dc9fa23d5
SHA512

9c2c983b8d13225297fed1d10e4eb058088b49af9426a526c7174fb9437c670f7ae12ae9ee554a594515f49e30c519baa2a9cd35fb2b9175c65a5f9c8c67b45c
SSDEEP

384:K9VD6tee+qUOTd2opQTLAdz1SvNmhpdvOjT7PbA6HBiTSnjxZMdP05ldpRMaYIBI:k6Qe+qUv8zcqdvOXA6XkPslJvGaVW

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32

rc4.i32

Targets

- Target
  
  8823b9a0c71ed9de32bede2f8925f78bdff0c5a16621978a66ede52dc9fa23d5_JC.exe
- Size
  
  39KB
- MD5
  
  33f6991f38f3723ef7bf69aa99c6a239
- SHA1
  
  2fc073e578a98749eafcc9def2c4c2beb1fcf8d0
- SHA256
  
  8823b9a0c71ed9de32bede2f8925f78bdff0c5a16621978a66ede52dc9fa23d5
- SHA512
  
  9c2c983b8d13225297fed1d10e4eb058088b49af9426a526c7174fb9437c670f7ae12ae9ee554a594515f49e30c519baa2a9cd35fb2b9175c65a5f9c8c67b45c
- SSDEEP
  
  384:K9VD6tee+qUOTd2opQTLAdz1SvNmhpdvOjT7PbA6HBiTSnjxZMdP05ldpRMaYIBI:k6Qe+qUv8zcqdvOXA6XkPslJvGaVW
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan