smokeloader | 7aee89a0da3c7a003661adefe9cb15bb3de6b1eae68f9b78901e83e92efbc1e1 | Triage

Resubmissions

12/10/2023, 03:11

231012-dp4n8acc6y 10

12/10/2023, 02:59

231012-dgw96sbg5w 10

Sharing

General

Target

7aee89a0da3c7a003661adefe9cb15bb3de6b1eae68f9b78901e83e92efbc1e1
Size

965KB
Sample

231012-dp4n8acc6y
MD5

b44f4c86856d872159aa4826535bcadc
SHA1

e5477661e9ad4879ec5999a609c1ebaa99e70b7a
SHA256

7aee89a0da3c7a003661adefe9cb15bb3de6b1eae68f9b78901e83e92efbc1e1
SHA512

e9a82f3188974c6c8047652ff258133e1861f9a1736200111f9d07756f8ea0d3083e9b96aaf7cee34d803d06e744d58013b2edd3e28c0706d4fa4569fdd6b26a
SSDEEP

12288:T6K4S7N6Fpsx18xz/lhUzWAMYU4dX6eGeQ/y3QZizaoByu99kuwE7nI:TCpsx18xz/lhUy3eX7GJ/PZi0ur7nI

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32

rc4.i32

Targets

- Target
  
  7aee89a0da3c7a003661adefe9cb15bb3de6b1eae68f9b78901e83e92efbc1e1
- Size
  
  965KB
- MD5
  
  b44f4c86856d872159aa4826535bcadc
- SHA1
  
  e5477661e9ad4879ec5999a609c1ebaa99e70b7a
- SHA256
  
  7aee89a0da3c7a003661adefe9cb15bb3de6b1eae68f9b78901e83e92efbc1e1
- SHA512
  
  e9a82f3188974c6c8047652ff258133e1861f9a1736200111f9d07756f8ea0d3083e9b96aaf7cee34d803d06e744d58013b2edd3e28c0706d4fa4569fdd6b26a
- SSDEEP
  
  12288:T6K4S7N6Fpsx18xz/lhUzWAMYU4dX6eGeQ/y3QZizaoByu99kuwE7nI:TCpsx18xz/lhUy3eX7GJ/PZi0ur7nI
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan