smokeloader | 0ea2448efc5876c15e00b816516cca7797cb516a40e2f892f530f6f293a57bae | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0ea2448efc5876c15e00b816516cca7797cb516a40e2f892f530f6f293a57bae.exe
Size

230KB
Sample

231124-wp3e9sdc38
MD5

895e352761223ed92e526b847a6ef7af
SHA1

ab4cb374cf46658123f5d4bc5ea6b9bf154d0276
SHA256

0ea2448efc5876c15e00b816516cca7797cb516a40e2f892f530f6f293a57bae
SHA512

8c83bf31140e2793b2263dd54d6ae398fc41f370b5fb5bdcb3ca3e31ff9cd60b2186d67ed6da92ec1f45b552362de303b89970209bdf8a2b0eb41ada13fd160d
SSDEEP

6144:2mE/98lu5jfJYyJ8isiKQfeAOMiCztannTi:2tClu5jKOeuNsnTi

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32

rc4.i32

Targets

- Target
  
  0ea2448efc5876c15e00b816516cca7797cb516a40e2f892f530f6f293a57bae.exe
- Size
  
  230KB
- MD5
  
  895e352761223ed92e526b847a6ef7af
- SHA1
  
  ab4cb374cf46658123f5d4bc5ea6b9bf154d0276
- SHA256
  
  0ea2448efc5876c15e00b816516cca7797cb516a40e2f892f530f6f293a57bae
- SHA512
  
  8c83bf31140e2793b2263dd54d6ae398fc41f370b5fb5bdcb3ca3e31ff9cd60b2186d67ed6da92ec1f45b552362de303b89970209bdf8a2b0eb41ada13fd160d
- SSDEEP
  
  6144:2mE/98lu5jfJYyJ8isiKQfeAOMiCztannTi:2tClu5jKOeuNsnTi
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan