smokeloader | 8c6dfaec327322e7c5ae33905de29559e271c7c984ad7d26a53880babf5c4558 | Triage

Sharing

General

Target

aa165ae70e902e658aa8119c2ec4f704.bin
Size

37KB
Sample

231212-eh5tdaeecn
MD5

aa165ae70e902e658aa8119c2ec4f704
SHA1

ca5cbde15db54c6a40fd75b8905c9c1ea501219f
SHA256

8c6dfaec327322e7c5ae33905de29559e271c7c984ad7d26a53880babf5c4558
SHA512

e8bc69c8c38ccc2dc6553217a4611ef61251b396f35e9a741506768c6286bb4ae217a8414014134559c8c172b49044728cd15cc79771fd094ccbce83e36a0d4e
SSDEEP

768:d8n3N4JRqwg8UTB+8zx70f0PSuopLwlFFWO7:dmN4JRrg8ypxSKFFX

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://81.19.131.34/fks/index.php

rc4.i32

rc4.i32

Targets

- Target
  
  aa165ae70e902e658aa8119c2ec4f704.bin
- Size
  
  37KB
- MD5
  
  aa165ae70e902e658aa8119c2ec4f704
- SHA1
  
  ca5cbde15db54c6a40fd75b8905c9c1ea501219f
- SHA256
  
  8c6dfaec327322e7c5ae33905de29559e271c7c984ad7d26a53880babf5c4558
- SHA512
  
  e8bc69c8c38ccc2dc6553217a4611ef61251b396f35e9a741506768c6286bb4ae217a8414014134559c8c172b49044728cd15cc79771fd094ccbce83e36a0d4e
- SSDEEP
  
  768:d8n3N4JRqwg8UTB+8zx70f0PSuopLwlFFWO7:dmN4JRrg8ypxSKFFX
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan