smokeloader | 3c4dc044069b4e6879df0a884b72ddbf226f7486e42a41810eb4817de91a54ee | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3c4dc044069b4e6879df0a884b72ddbf226f7486e42a41810eb4817de91a54ee
Size

177KB
Sample

231029-2enf9abd94
MD5

788bd522243fcc467ad3a8fee79cf208
SHA1

aa12ea858170e81532a8899d3c5f5a6f43a4923d
SHA256

3c4dc044069b4e6879df0a884b72ddbf226f7486e42a41810eb4817de91a54ee
SHA512

06fe385b9a926d69f64a6a9535e47cd038bf77255c0449900df2412cb8d4fac57f3d6ac2b4682f93333f4f9cd7245618839a3f62a77a012f6d043991c480b549
SSDEEP

3072:95Xk6g8oUcHPr7ngNRTRzAq9R+vM8kxcQd/:DHLoUcHP3STRzAu+vM8V

Score

10^/10

smokeloader 0024 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

0024

Extracted

Family

smokeloader

Version

2022

C2

https://utah-saints.com/search.php

https://atlanta-newspaper.com/search.php

rc4.i32

rc4.i32

Targets

- Target
  
  3c4dc044069b4e6879df0a884b72ddbf226f7486e42a41810eb4817de91a54ee
- Size
  
  177KB
- MD5
  
  788bd522243fcc467ad3a8fee79cf208
- SHA1
  
  aa12ea858170e81532a8899d3c5f5a6f43a4923d
- SHA256
  
  3c4dc044069b4e6879df0a884b72ddbf226f7486e42a41810eb4817de91a54ee
- SHA512
  
  06fe385b9a926d69f64a6a9535e47cd038bf77255c0449900df2412cb8d4fac57f3d6ac2b4682f93333f4f9cd7245618839a3f62a77a012f6d043991c480b549
- SSDEEP
  
  3072:95Xk6g8oUcHPr7ngNRTRzAq9R+vM8kxcQd/:DHLoUcHP3STRzAu+vM8V
Score

10^/10

smokeloader 0024 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloader0024backdoortrojan