smokeloader | 69cfef2e0a767b6ed50194f288b0d1f6bd4e825b23adb037e4c2e3695fac5a62 | Triage

Sharing

General

Target

69cfef2e0a767b6ed50194f288b0d1f6bd4e825b23adb037e4c2e3695fac5a62
Size

296KB
Sample

240418-2m9dpaha34
MD5

465f7777fd70fc0cd9325550a1786cd3
SHA1

03e305fb6ca5ee3082b84e5e013a61f6dc057e1e
SHA256

69cfef2e0a767b6ed50194f288b0d1f6bd4e825b23adb037e4c2e3695fac5a62
SHA512

6a20ee2d496441a48aa6249ccb5b50ac5146d8d9a3ec50a5a4c827205048be0194254dd8e28f6c1201310ec3c0c75103f4f5a5b801b62920680bd43b68b36ba5
SSDEEP

3072:tE3lMHLSW0Dwkp5bHYp6Ebx9D9C5nG8tvO+IDt45+no5JFX4K1uIKF:4MHLOwgC6QDKrG910oou

Score

10^/10

smokeloader pub1 backdoor persistence trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://trad-einmyus.com/index.php

http://tradein-myus.com/index.php

http://trade-inmyus.com/index.php

rc4.i32

rc4.i32

Targets

- Target
  
  69cfef2e0a767b6ed50194f288b0d1f6bd4e825b23adb037e4c2e3695fac5a62
- Size
  
  296KB
- MD5
  
  465f7777fd70fc0cd9325550a1786cd3
- SHA1
  
  03e305fb6ca5ee3082b84e5e013a61f6dc057e1e
- SHA256
  
  69cfef2e0a767b6ed50194f288b0d1f6bd4e825b23adb037e4c2e3695fac5a62
- SHA512
  
  6a20ee2d496441a48aa6249ccb5b50ac5146d8d9a3ec50a5a4c827205048be0194254dd8e28f6c1201310ec3c0c75103f4f5a5b801b62920680bd43b68b36ba5
- SSDEEP
  
  3072:tE3lMHLSW0Dwkp5bHYp6Ebx9D9C5nG8tvO+IDt45+no5JFX4K1uIKF:4MHLOwgC6QDKrG910oou
Score

10^/10

smokeloader pub1 backdoor persistence trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Modifies Installed Components in the registry
  persistence
- Deletes itself
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

smokeloaderpub1backdoorpersistencetrojan

behavioral2

smokeloaderpub1backdoortrojan