smokeloader | 5086dde757947a8b62ce0a7b39fe01dbdaceaf90edb1ea5589833a79b82471ac | Triage

Sharing

General

Target

5086dde757947a8b62ce0a7b39fe01dbdaceaf90edb1ea5589833a79b82471ac
Size

288KB
Sample

231008-m6bt7sdg68
MD5

44cad3753db6dfdf68a61dda7583fb24
SHA1

cc6b309afa20c1aa47ad040b5948c3bb223c3d2c
SHA256

5086dde757947a8b62ce0a7b39fe01dbdaceaf90edb1ea5589833a79b82471ac
SHA512

08eaa46f565f42e4c9eee4bca45af4de39ee3e92c3312fd954c60fa4fd0b4bd3f52ccfccbbf5e291f669837701bab24220ebf651aedfec7f95745a6c16004436
SSDEEP

3072:DcSin8xWnDYovrV6FNlACYYJt/2VkPEyWtIxEpwzQjS4/a9:riuWc+rV6/+CYyeuPENTpA

Score

10^/10

smokeloader 0024 backdoor collection evasion trojan

Malware Config

Extracted

Family

smokeloader

Botnet

0024

Extracted

Family

smokeloader

Version

2022

C2

https://utah-saints.com/search.php

https://atlanta-newspaper.com/search.php

rc4.i32

rc4.i32

Targets

- Target
  
  5086dde757947a8b62ce0a7b39fe01dbdaceaf90edb1ea5589833a79b82471ac
- Size
  
  288KB
- MD5
  
  44cad3753db6dfdf68a61dda7583fb24
- SHA1
  
  cc6b309afa20c1aa47ad040b5948c3bb223c3d2c
- SHA256
  
  5086dde757947a8b62ce0a7b39fe01dbdaceaf90edb1ea5589833a79b82471ac
- SHA512
  
  08eaa46f565f42e4c9eee4bca45af4de39ee3e92c3312fd954c60fa4fd0b4bd3f52ccfccbbf5e291f669837701bab24220ebf651aedfec7f95745a6c16004436
- SSDEEP
  
  3072:DcSin8xWnDYovrV6FNlACYYJt/2VkPEyWtIxEpwzQjS4/a9:riuWc+rV6/+CYyeuPENTpA
Score

10^/10

smokeloader 0024 backdoor collection evasion trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
  collection
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloader0024backdoorcollectionevasiontrojan