smokeloader | 669d402216f388239a2c9a5556fa2ad6a4947596564c059a5fa82fa2e5ae5b8a | Triage

Sharing

General

Target

669d402216f388239a2c9a5556fa2ad6a4947596564c059a5fa82fa2e5ae5b8a
Size

256KB
Sample

231012-qjnf9sdf56
MD5

8ba1e28a0d402ca942eaa2b9777e54a9
SHA1

bdb94ac387b72731dd675d45f248a16f3f17cd58
SHA256

669d402216f388239a2c9a5556fa2ad6a4947596564c059a5fa82fa2e5ae5b8a
SHA512

a8fbe00d876fcd1bbff352012628cdc9e707274d58a6ead188bd9e6ca2f96c1103dd14bd7501b8e8fcc793bf550911596b11b911a478dca04d17a91e6d73efaa
SSDEEP

3072:2vtdVTSgsfmTcIY0Su9qGOBq6QxmnPe0FW39QP9GF:4tdVFWKsugM6OmnPe0FW36

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://onualituyrs.org/

http://sumagulituyo.org/

http://snukerukeutit.org/

http://lightseinsteniki.org/

http://liuliuoumumy.org/

http://stualialuyastrelia.net/

http://kumbuyartyty.net/

http://criogetikfenbut.org/

http://tonimiuyaytre.org/

http://tyiuiunuewqy.org/

rc4.i32

rc4.i32

Targets

- Target
  
  669d402216f388239a2c9a5556fa2ad6a4947596564c059a5fa82fa2e5ae5b8a
- Size
  
  256KB
- MD5
  
  8ba1e28a0d402ca942eaa2b9777e54a9
- SHA1
  
  bdb94ac387b72731dd675d45f248a16f3f17cd58
- SHA256
  
  669d402216f388239a2c9a5556fa2ad6a4947596564c059a5fa82fa2e5ae5b8a
- SHA512
  
  a8fbe00d876fcd1bbff352012628cdc9e707274d58a6ead188bd9e6ca2f96c1103dd14bd7501b8e8fcc793bf550911596b11b911a478dca04d17a91e6d73efaa
- SSDEEP
  
  3072:2vtdVTSgsfmTcIY0Su9qGOBq6QxmnPe0FW39QP9GF:4tdVFWKsugM6OmnPe0FW36
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan