smokeloader | dc8d21a57c36da8e09cd989595d345fca73b4dbd2bf0ded29a706780c33e0428 | Triage

Sharing

General

Target

1529678f458bb541653b4321e4e8d7bc.exe
Size

48KB
Sample

230827-vtn8rsca38
MD5

1529678f458bb541653b4321e4e8d7bc
SHA1

30419e279bb82c9e17d7865496e828e6f906f1a7
SHA256

dc8d21a57c36da8e09cd989595d345fca73b4dbd2bf0ded29a706780c33e0428
SHA512

0651e9fe1f4a1e9e9e66b98899cb55b5610512a6658b6550bfa8b9e1df6b0a13674302c873b182e6add10569a6dfc20a19a48e728a0ce92d22b27259d80955ce
SSDEEP

384:K9VD6tee+qUOTd2opQTLAdz1SvNmhpdvOjT7PbA6HBiTSnjxZMdP05ldpRMaYIBI:k6Qe+qUv8zcqdvOXA6XkPslJvGaVW

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32

rc4.i32

Targets

- Target
  
  1529678f458bb541653b4321e4e8d7bc.exe
- Size
  
  48KB
- MD5
  
  1529678f458bb541653b4321e4e8d7bc
- SHA1
  
  30419e279bb82c9e17d7865496e828e6f906f1a7
- SHA256
  
  dc8d21a57c36da8e09cd989595d345fca73b4dbd2bf0ded29a706780c33e0428
- SHA512
  
  0651e9fe1f4a1e9e9e66b98899cb55b5610512a6658b6550bfa8b9e1df6b0a13674302c873b182e6add10569a6dfc20a19a48e728a0ce92d22b27259d80955ce
- SSDEEP
  
  384:K9VD6tee+qUOTd2opQTLAdz1SvNmhpdvOjT7PbA6HBiTSnjxZMdP05ldpRMaYIBI:k6Qe+qUv8zcqdvOXA6XkPslJvGaVW
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan