smokeloader | 01e062f17f17f54100c3d6849477017acdd7bd57f751a7eb18484c77474d5a6a | Triage

Sharing

General

Target

72787c0133ebe280a7d16f6db8000bcd
Size

326KB
Sample

231226-qqvh6ahgen
MD5

72787c0133ebe280a7d16f6db8000bcd
SHA1

b287f8d7f22ded27444ae999e65a599cca8cc60a
SHA256

01e062f17f17f54100c3d6849477017acdd7bd57f751a7eb18484c77474d5a6a
SHA512

8e2fd5d50d0f4579a5b7721d5c1fdc6bef1582822a723f293cf0b982eee588bf9d933499c5c16941474a4e3928c42d2305984652aa9542ac31ebcea4dcd9c596
SSDEEP

6144:FXURnqgV/GvULWy9BtdNVJjq3MGMXmSUexV:FonTTWy9BFVJLmUx

Score

10^/10

smokeloader 0002 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

0002

Extracted

Family

smokeloader

Version

2020

C2

https://cinems.club/search.php

https://clothes.surf/search.php

rc4.i32

rc4.i32

Targets

- Target
  
  72787c0133ebe280a7d16f6db8000bcd
- Size
  
  326KB
- MD5
  
  72787c0133ebe280a7d16f6db8000bcd
- SHA1
  
  b287f8d7f22ded27444ae999e65a599cca8cc60a
- SHA256
  
  01e062f17f17f54100c3d6849477017acdd7bd57f751a7eb18484c77474d5a6a
- SHA512
  
  8e2fd5d50d0f4579a5b7721d5c1fdc6bef1582822a723f293cf0b982eee588bf9d933499c5c16941474a4e3928c42d2305984652aa9542ac31ebcea4dcd9c596
- SSDEEP
  
  6144:FXURnqgV/GvULWy9BtdNVJjq3MGMXmSUexV:FonTTWy9BFVJLmUx
Score

10^/10

smokeloader 0002 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloader0002backdoortrojan

behavioral2

smokeloader0002backdoortrojan