smokeloader | c52c8c60c2e4d14db1ae71d0bec0f3aee11100604af68812b291b863dddf7218 | Triage

Resubmissions

12-10-2023 08:12

231012-j36cvsad99 10

12-10-2023 04:51

231012-fgv38afh8z 10

Sharing

General

Target

c52c8c60c2e4d14db1ae71d0bec0f3aee11100604af68812b291b863dddf7218
Size

965KB
Sample

231012-j36cvsad99
MD5

340fb8e45f17b972a524c0f55b670d92
SHA1

914be32c2c492f7fda1d62c247ab585044066d01
SHA256

c52c8c60c2e4d14db1ae71d0bec0f3aee11100604af68812b291b863dddf7218
SHA512

c3cda900334507af66f38d92b49e1139e0b31bfb7c1de8107cce7bace9ef1360f751d910483d2f83625dd1f4000d7d99fef5ea180d294039d4405068bcac6d7a
SSDEEP

12288:a59vHSylVEepsxylL5dPM7xj1Vc1jBAhEQtt7kxI56u99lTVOFXa+nW:anGepsxylL5dPMdj8jqtttlTROo+nW

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32

rc4.i32

Targets

- Target
  
  c52c8c60c2e4d14db1ae71d0bec0f3aee11100604af68812b291b863dddf7218
- Size
  
  965KB
- MD5
  
  340fb8e45f17b972a524c0f55b670d92
- SHA1
  
  914be32c2c492f7fda1d62c247ab585044066d01
- SHA256
  
  c52c8c60c2e4d14db1ae71d0bec0f3aee11100604af68812b291b863dddf7218
- SHA512
  
  c3cda900334507af66f38d92b49e1139e0b31bfb7c1de8107cce7bace9ef1360f751d910483d2f83625dd1f4000d7d99fef5ea180d294039d4405068bcac6d7a
- SSDEEP
  
  12288:a59vHSylVEepsxylL5dPM7xj1Vc1jBAhEQtt7kxI56u99lTVOFXa+nW:anGepsxylL5dPMdj8jqtttlTROo+nW
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan