smokeloader | a26fa22fb2e2c1f2ab1ca28b271ae6f960e69f46fa5926b3e327beb656f0b5cc | Triage

Sharing

General

Target

a26fa22fb2e2c1f2ab1ca28b271ae6f960e69f46fa5926b3e327beb656f0b5cc
Size

254KB
Sample

231023-fp9lksgc32
MD5

8a5df9188d55f2e4139033e94b3ffe72
SHA1

7a013a3c6f1bf12752b979694bd774499ae62116
SHA256

a26fa22fb2e2c1f2ab1ca28b271ae6f960e69f46fa5926b3e327beb656f0b5cc
SHA512

6ba19498e8d721ad476abbb8b80c0a6a2038db440a1e772ae879da0ae38e11b636396e1f5ee3776267f2f02f3219c57d970258f70959a40c5d73dcc631cb4447
SSDEEP

3072:kwXA+hpKbLK0OSZvM5nF7crPiZ38PteyzjR5RZCo+Dn1K5x7625Uc4+wQAJQAfrz:R9hpKbL/LZ0M8M1pDf+SxafL/

Score

10^/10

smokeloader 0024 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

0024

Extracted

Family

smokeloader

Version

2022

C2

https://utah-saints.com/search.php

https://atlanta-newspaper.com/search.php

rc4.i32

rc4.i32

Targets

- Target
  
  a26fa22fb2e2c1f2ab1ca28b271ae6f960e69f46fa5926b3e327beb656f0b5cc
- Size
  
  254KB
- MD5
  
  8a5df9188d55f2e4139033e94b3ffe72
- SHA1
  
  7a013a3c6f1bf12752b979694bd774499ae62116
- SHA256
  
  a26fa22fb2e2c1f2ab1ca28b271ae6f960e69f46fa5926b3e327beb656f0b5cc
- SHA512
  
  6ba19498e8d721ad476abbb8b80c0a6a2038db440a1e772ae879da0ae38e11b636396e1f5ee3776267f2f02f3219c57d970258f70959a40c5d73dcc631cb4447
- SSDEEP
  
  3072:kwXA+hpKbLK0OSZvM5nF7crPiZ38PteyzjR5RZCo+Dn1K5x7625Uc4+wQAJQAfrz:R9hpKbL/LZ0M8M1pDf+SxafL/
Score

10^/10

smokeloader 0024 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloader0024backdoortrojan