smokeloader | 9b7ae8482f7f91e9ab06c9813ae53b4fa12833952f59040dc3e075de5425ea93 | Triage

Resubmissions

10/10/2023, 05:12

231010-fwcv7adc37 10

06/10/2023, 20:44

231006-zjec2afh3x 10

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.9b7ae8482f7f91e9ab06c9813ae53b4fa12833952f59040dc3e075de5425ea93_JC.exe
Size

268KB
Sample

231010-fwcv7adc37
MD5

5968d720b9cd2970cf2546f24b62291c
SHA1

cf714518e83ec5cdfa584edf793a89bc0c0d4a12
SHA256

9b7ae8482f7f91e9ab06c9813ae53b4fa12833952f59040dc3e075de5425ea93
SHA512

802400078505381ac75c126635ab8de443cf430fe9644c0c9c4268f3c86b15e0715bccc968b69906099de823cd78b0676ce0976c858f7dfae6fec8a47baf665f
SSDEEP

3072:3Wumx+E4+nVWQOxYRrGQ8aofxxGuOpaM6oc/p5/XiwAA3SPuzFE5IVQkjseAg0F/:5mcQCFz5kyocx5/X/3SPl5MAOCbfj06

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32

rc4.i32

Targets

- Target
  
  NEAS.9b7ae8482f7f91e9ab06c9813ae53b4fa12833952f59040dc3e075de5425ea93_JC.exe
- Size
  
  268KB
- MD5
  
  5968d720b9cd2970cf2546f24b62291c
- SHA1
  
  cf714518e83ec5cdfa584edf793a89bc0c0d4a12
- SHA256
  
  9b7ae8482f7f91e9ab06c9813ae53b4fa12833952f59040dc3e075de5425ea93
- SHA512
  
  802400078505381ac75c126635ab8de443cf430fe9644c0c9c4268f3c86b15e0715bccc968b69906099de823cd78b0676ce0976c858f7dfae6fec8a47baf665f
- SSDEEP
  
  3072:3Wumx+E4+nVWQOxYRrGQ8aofxxGuOpaM6oc/p5/XiwAA3SPuzFE5IVQkjseAg0F/:5mcQCFz5kyocx5/X/3SPl5MAOCbfj06
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan