smokeloader | bae93cf5e0de35c574ae5c2d78ae5f7929c1f944e885624009972146f85eb1e7 | Triage

Sharing

General

Target

bd0ffc2e1a9f0f13c8778fbe043af0b7.exe
Size

218KB
Sample

230819-hlctjshh5x
MD5

bd0ffc2e1a9f0f13c8778fbe043af0b7
SHA1

b45f1b45b4ea3b8118eec41497e097b0cb3e6fbf
SHA256

bae93cf5e0de35c574ae5c2d78ae5f7929c1f944e885624009972146f85eb1e7
SHA512

68c59ee19467a94f58f7f290bc3972f76570c324ff298dba94972414c0607d81fe9f112027194427a12e2edfbe10defaf4b06026a7ea5ea4a06b3ee220bb73c0
SSDEEP

3072:pFCcgLex7JOKS41sh/RR2Hyh0PLQLxrObBKJEUMOaSpzgwfZAz5ckD9yOA:XdgLu7w54SZRKMk1KJEUhJgJqkD9yv

Score

10^/10

smokeloader sel8 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

sel8

Extracted

Family

smokeloader

Version

2022

C2

https://anydesk-my.com/faq/

http://anydesk-my.com/faq/

rc4.i32

rc4.i32

Targets

- Target
  
  bd0ffc2e1a9f0f13c8778fbe043af0b7.exe
- Size
  
  218KB
- MD5
  
  bd0ffc2e1a9f0f13c8778fbe043af0b7
- SHA1
  
  b45f1b45b4ea3b8118eec41497e097b0cb3e6fbf
- SHA256
  
  bae93cf5e0de35c574ae5c2d78ae5f7929c1f944e885624009972146f85eb1e7
- SHA512
  
  68c59ee19467a94f58f7f290bc3972f76570c324ff298dba94972414c0607d81fe9f112027194427a12e2edfbe10defaf4b06026a7ea5ea4a06b3ee220bb73c0
- SSDEEP
  
  3072:pFCcgLex7JOKS41sh/RR2Hyh0PLQLxrObBKJEUMOaSpzgwfZAz5ckD9yOA:XdgLu7w54SZRKMk1KJEUhJgJqkD9yv
Score

10^/10

smokeloader sel8 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

smokeloadersel8backdoortrojan

behavioral2

smokeloadersel8backdoortrojan