smokeloader | 518aecef5bf06256a9fac8534575ed87360c78e102cd27c55d0635cb98551668 | Triage

Resubmissions

19/09/2023, 04:11

230919-er9tpagh34 10

19/09/2023, 03:45

230919-ebecvagg26 10

Sharing

General

Target

518aecef5bf06256a9fac8534575ed87360c78e102cd27c55d0635cb98551668
Size

261KB
Sample

230919-er9tpagh34
MD5

a02bd32ecd3b37c281c025342a64c82f
SHA1

3c1e86d948dc5edb0b5d76339cb516bbdf10cfb6
SHA256

518aecef5bf06256a9fac8534575ed87360c78e102cd27c55d0635cb98551668
SHA512

82d030db1ba5cbc617c69cdd801421c3981ab28c13df95d3de5c32d61b186ea39829dd6502067a755da851ad8cd72344bc92b36582b142a89c437de7057042a6
SSDEEP

6144:YJvJm09zORs+z/TMify9DAOnqQHtQhRLfgZ8/:Ypw09CK5NACQhy8/

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32

rc4.i32

Targets

- Target
  
  518aecef5bf06256a9fac8534575ed87360c78e102cd27c55d0635cb98551668
- Size
  
  261KB
- MD5
  
  a02bd32ecd3b37c281c025342a64c82f
- SHA1
  
  3c1e86d948dc5edb0b5d76339cb516bbdf10cfb6
- SHA256
  
  518aecef5bf06256a9fac8534575ed87360c78e102cd27c55d0635cb98551668
- SHA512
  
  82d030db1ba5cbc617c69cdd801421c3981ab28c13df95d3de5c32d61b186ea39829dd6502067a755da851ad8cd72344bc92b36582b142a89c437de7057042a6
- SSDEEP
  
  6144:YJvJm09zORs+z/TMify9DAOnqQHtQhRLfgZ8/:Ypw09CK5NACQhy8/
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan