smokeloader | 037d6a90eff8c545c3117e237a3c590681d9207112ed06088105cb89ac3b321f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

037d6a90eff8c545c3117e237a3c590681d9207112ed06088105cb89ac3b321f
Size

178KB
Sample

231029-pe7tnshe34
MD5

ebeb45ea71af4e7c0cd14879261d0ec5
SHA1

c70d1f4274c3b7ff954f810d47f11a773678e364
SHA256

037d6a90eff8c545c3117e237a3c590681d9207112ed06088105cb89ac3b321f
SHA512

91c2b31f2f793ef5ec08c3a6400beb0f7028a345d3459f2c691c499b1b83a99fce9ac0fcd7327c13dced78965df5d9c2a7f44189f1cc0d115919624f13a0d050
SSDEEP

3072:SpXTqeo6s9NGxKUSuHvxsPrNSE3atkrQqFpUtLtGqwd3V7X7vw:GTqQs9w0UhPx8rNSEUtJI

Score

10^/10

smokeloader 0024 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

0024

Extracted

Family

smokeloader

Version

2022

C2

https://utah-saints.com/search.php

https://atlanta-newspaper.com/search.php

rc4.i32

rc4.i32

Targets

- Target
  
  037d6a90eff8c545c3117e237a3c590681d9207112ed06088105cb89ac3b321f
- Size
  
  178KB
- MD5
  
  ebeb45ea71af4e7c0cd14879261d0ec5
- SHA1
  
  c70d1f4274c3b7ff954f810d47f11a773678e364
- SHA256
  
  037d6a90eff8c545c3117e237a3c590681d9207112ed06088105cb89ac3b321f
- SHA512
  
  91c2b31f2f793ef5ec08c3a6400beb0f7028a345d3459f2c691c499b1b83a99fce9ac0fcd7327c13dced78965df5d9c2a7f44189f1cc0d115919624f13a0d050
- SSDEEP
  
  3072:SpXTqeo6s9NGxKUSuHvxsPrNSE3atkrQqFpUtLtGqwd3V7X7vw:GTqQs9w0UhPx8rNSEUtJI
Score

10^/10

smokeloader 0024 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloader0024backdoortrojan