smokeloader | c15014078913b07fd63d1d17a67e4708f4a068b061280f1c86d4d003b6b5e9c8 | Triage

Resubmissions

02/10/2023, 04:24

231002-e1g52agh88 10

02/10/2023, 02:54

231002-ddzk5agf86 10

Sharing

Copy URL Twitter E-mail

General

Target

c15014078913b07fd63d1d17a67e4708f4a068b061280f1c86d4d003b6b5e9c8
Size

194KB
Sample

231002-e1g52agh88
MD5

29676794faec0f9b1a7c4d2c166ab325
SHA1

ac269fdd27a590fde4ed6de0ca101d0f8290c4a9
SHA256

c15014078913b07fd63d1d17a67e4708f4a068b061280f1c86d4d003b6b5e9c8
SHA512

3aaa39bb2c1a2fb1156b6adcd873df653b740f10852a03d15d174da41d65d6aed2cd0cb29032cba0f688f6b56b9755f983ccc166e00c47e48c33dfb0249a4546
SSDEEP

3072:DFv2B8/xCrZB+k5rSujJc4C0GBghoJD68YlbKHk0YMG68KxZ5NLkHT5sZS2mKuwo:DEB8wqk9ljZGBgGDobjgt8IWu2KdTRX6

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32

rc4.i32

Targets

- Target
  
  c15014078913b07fd63d1d17a67e4708f4a068b061280f1c86d4d003b6b5e9c8
- Size
  
  194KB
- MD5
  
  29676794faec0f9b1a7c4d2c166ab325
- SHA1
  
  ac269fdd27a590fde4ed6de0ca101d0f8290c4a9
- SHA256
  
  c15014078913b07fd63d1d17a67e4708f4a068b061280f1c86d4d003b6b5e9c8
- SHA512
  
  3aaa39bb2c1a2fb1156b6adcd873df653b740f10852a03d15d174da41d65d6aed2cd0cb29032cba0f688f6b56b9755f983ccc166e00c47e48c33dfb0249a4546
- SSDEEP
  
  3072:DFv2B8/xCrZB+k5rSujJc4C0GBghoJD68YlbKHk0YMG68KxZ5NLkHT5sZS2mKuwo:DEB8wqk9ljZGBgGDobjgt8IWu2KdTRX6
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan