smokeloader | 4db3149b8145450ee0395e6273deb376db18c1041bff539eea36a203584cfb57 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4db3149b8145450ee0395e6273deb376db18c1041bff539eea36a203584cfb57
Size

238KB
Sample

230815-wq1ytseg9w
MD5

f3743d7a9d4b8bdb3f1b04e8472d86d3
SHA1

7999010f3ca4acdb7e0d208d0d41a76c5ca24ade
SHA256

4db3149b8145450ee0395e6273deb376db18c1041bff539eea36a203584cfb57
SHA512

0e0a95f0f8b9f2b6e7bdbcdc6f21f7918f5cb019d7e8ca65d2b61dcb761993b950151f6e10061a6e7249e1dcb89a3f025afd673b8e3b9453a12562988221ddfb
SSDEEP

3072:hXQhEhGvKWLZ3Ijn7AbmkkaCl8gT/L7eWK0ZwYrdFRLjhsA5//K:FHGvnLNIjn76UL/z/fK0ZVphsC/

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://potunulit.org/

http://hutnilior.net/

http://bulimu55t.net/

http://soryytlic4.net/

http://novanosa5org.org/

http://nuljjjnuli.org/

http://tolilolihul.net/

http://somatoka51hub.net/

http://hujukui3.net/

http://bukubuka1.net/

http://golilopaster.org/

http://newzelannd66.org/

http://otriluyttn.org/

rc4.i32

rc4.i32

Targets

- Target
  
  4db3149b8145450ee0395e6273deb376db18c1041bff539eea36a203584cfb57
- Size
  
  238KB
- MD5
  
  f3743d7a9d4b8bdb3f1b04e8472d86d3
- SHA1
  
  7999010f3ca4acdb7e0d208d0d41a76c5ca24ade
- SHA256
  
  4db3149b8145450ee0395e6273deb376db18c1041bff539eea36a203584cfb57
- SHA512
  
  0e0a95f0f8b9f2b6e7bdbcdc6f21f7918f5cb019d7e8ca65d2b61dcb761993b950151f6e10061a6e7249e1dcb89a3f025afd673b8e3b9453a12562988221ddfb
- SSDEEP
  
  3072:hXQhEhGvKWLZ3Ijn7AbmkkaCl8gT/L7eWK0ZwYrdFRLjhsA5//K:FHGvnLNIjn76UL/z/fK0ZVphsC/
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Deletes itself
- Executes dropped EXE
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

smokeloaderbackdoortrojan