smokeloader | 61eb677544345506832a856f2e36dd5a50428e7242f9a0a92b87a5b76b374ffd | Triage

Sharing

General

Target

61eb677544345506832a856f2e36dd5a50428e7242f9a0a92b87a5b76b374ffd
Size

222KB
Sample

230918-2yzzdsfc78
MD5

26c7d0f64ba1fdcce1ed66eb7bc8d7bb
SHA1

9202b3e253a4383800b0a7f6d6a58c7f04dcc71f
SHA256

61eb677544345506832a856f2e36dd5a50428e7242f9a0a92b87a5b76b374ffd
SHA512

b3cb50a04e7c1b54e57f73b5e8815b69f0e68683964f81fb72ee3ced010540e54347472e5f5cdc979045d36c264cf7dacd44db74b3cc79f0c1be947a8ad6b781
SSDEEP

3072:QAuikDKOLhvnnsZ4L0FAb/REb/FkXb36dYC64IdkCeD5WSehTo2:NkOOL5nnsuL0FAbuBkXb3gV6BvSehTx

Score

10^/10

smokeloader 0023 backdoor collection evasion spyware stealer trojan

Malware Config

Extracted

Family

smokeloader

Botnet

0023

Extracted

Family

smokeloader

Version

2022

C2

https://nebraska-pizza.com/search.php

https://alaska-ships.com/search.php

rc4.i32

rc4.i32

Targets

- Target
  
  61eb677544345506832a856f2e36dd5a50428e7242f9a0a92b87a5b76b374ffd
- Size
  
  222KB
- MD5
  
  26c7d0f64ba1fdcce1ed66eb7bc8d7bb
- SHA1
  
  9202b3e253a4383800b0a7f6d6a58c7f04dcc71f
- SHA256
  
  61eb677544345506832a856f2e36dd5a50428e7242f9a0a92b87a5b76b374ffd
- SHA512
  
  b3cb50a04e7c1b54e57f73b5e8815b69f0e68683964f81fb72ee3ced010540e54347472e5f5cdc979045d36c264cf7dacd44db74b3cc79f0c1be947a8ad6b781
- SSDEEP
  
  3072:QAuikDKOLhvnnsZ4L0FAb/REb/FkXb36dYC64IdkCeD5WSehTo2:NkOOL5nnsuL0FAbuBkXb3gV6BvSehTx
Score

10^/10

smokeloader 0023 backdoor collection evasion spyware stealer trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Modifies Windows Firewall
  evasion
- Deletes itself
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloader0023backdoorcollectionevasionspywarestealertrojan