smokeloader

General

Target

00c252c10561ea3e490147c36ec865c4
Size

231KB
Sample

231229-xbhdlsfhd9
MD5

00c252c10561ea3e490147c36ec865c4
SHA1

f7d35b298ed28e6c58f2b2077695a19aca733e74
SHA256

dd38cc62af58c3cf22c49e8afdd24965b8e8b052b6ca8861e378aa01dbeb8f36
SHA512

84029ae41b8bb0d20d6c7ce5561d34c38c4c99fcb22c8f2a24a9137f834191ee4e13b2927092550f1175dab35df42a812c188b578307cf81f73bf0da48365168
SSDEEP

3072:H73ehzPBUpyz69DKgrYCoPM0YPxjxHtITWZhiA6Rm0lAQK:H73+LgY69DKoYC9Z1NIkm2j

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

2210

Extracted

Family

smokeloader

Version

2019

C2

http://10022020newfolder1002002131-service1002.space/

http://10022020newfolder1002002231-service1002.space/

http://10022020newfolder3100231-service1002.space/

http://10022020newfolder1002002431-service1002.space/

http://10022020newfolder1002002531-service1002.space/

http://10022020newfolder33417-01242510022020.space/

http://10022020test125831-service1002012510022020.space/

http://10022020test136831-service1002012510022020.space/

http://10022020test147831-service1002012510022020.space/

http://10022020test146831-service1002012510022020.space/

http://10022020test134831-service1002012510022020.space/

http://10022020est213531-service100201242510022020.ru/

http://10022020yes1t3481-service1002012510022020.ru/

http://10022020test13561-service1002012510022020.su/

http://10022020test14781-service1002012510022020.info/

http://10022020test13461-service1002012510022020.net/

http://10022020test15671-service1002012510022020.tech/

http://10022020test12671-service1002012510022020.online/

http://10022020utest1341-service1002012510022020.ru/

http://10022020uest71-service100201dom2510022020.ru/

rc4.i32

Targets

- Target
  
  00c252c10561ea3e490147c36ec865c4
- Size
  
  231KB
- MD5
  
  00c252c10561ea3e490147c36ec865c4
- SHA1
  
  f7d35b298ed28e6c58f2b2077695a19aca733e74
- SHA256
  
  dd38cc62af58c3cf22c49e8afdd24965b8e8b052b6ca8861e378aa01dbeb8f36
- SHA512
  
  84029ae41b8bb0d20d6c7ce5561d34c38c4c99fcb22c8f2a24a9137f834191ee4e13b2927092550f1175dab35df42a812c188b578307cf81f73bf0da48365168
- SSDEEP
  
  3072:H73ehzPBUpyz69DKgrYCoPM0YPxjxHtITWZhiA6Rm0lAQK:H73+LgY69DKoYC9Z1NIkm2j
Score

10^/10

smokeloader 2210 backdoor trojan upx
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

Loads dropped DLL

UPX packed file

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2