smokeloader

General

Target

0ed0ed66bca7dea4b4db2d774d0bc20c
Size

299KB
Sample

231219-m3q5qaggdm
MD5

0ed0ed66bca7dea4b4db2d774d0bc20c
SHA1

990d7397df84500308f3469a148e7b1ad86d9309
SHA256

c3bf65401ec1efe7d49bcaf30073800089212b8d8dd5b8c56cdbcc661c713d88
SHA512

2c5b80e60e1d9a210dd94a420ff09e41250baa095704d7f18eec80bde5b79c962a1fe255b83b2f9d093816d37f46d78dfd9ad47bd343bea80c55a0258d49f9b6
SSDEEP

6144:PYfcSPf0NL+K5PzXlCG3xTqJL6SAJOOhxxdeTr/ekI:Pm8zzXA4mL6SSzxd6L

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://fiskahlilian16.top/

http://paishancho17.top/

http://ydiannetter18.top/

http://azarehanelle19.top/

http://quericeriant20.top/

rc4.i32

Targets

- Target
  
  0ed0ed66bca7dea4b4db2d774d0bc20c
- Size
  
  299KB
- MD5
  
  0ed0ed66bca7dea4b4db2d774d0bc20c
- SHA1
  
  990d7397df84500308f3469a148e7b1ad86d9309
- SHA256
  
  c3bf65401ec1efe7d49bcaf30073800089212b8d8dd5b8c56cdbcc661c713d88
- SHA512
  
  2c5b80e60e1d9a210dd94a420ff09e41250baa095704d7f18eec80bde5b79c962a1fe255b83b2f9d093816d37f46d78dfd9ad47bd343bea80c55a0258d49f9b6
- SSDEEP
  
  6144:PYfcSPf0NL+K5PzXlCG3xTqJL6SAJOOhxxdeTr/ekI:Pm8zzXA4mL6SSzxd6L
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2