smokeloader

General

Target

2024-04-22_a0e9e669eaf46067dba49b57fa9077c8_karagany_mafia
Size

268KB
Sample

240422-yb12dsfc35
MD5

a0e9e669eaf46067dba49b57fa9077c8
SHA1

5c662e8f41450bc76e1d01d060b3544cf969cde5
SHA256

0b67b72c4a9e07996be562cad52111f3e8ae3216624fdf5eb71cd09599114ca9
SHA512

73bc05c025c2144d9f5bc99f64c4d4bac545c7730a79fa1f28f9ee788c8952474a397112aa87564ae51b8481247d21223cac71245bce13513d6c34d8a03dec7b
SSDEEP

3072:/911jsVE6yEmOCPT+wBNJjNvdMKEnv5yZN7nUZmfjWVoqnM46:/9cVE4XCqYP3MN8IZmfjWWAM46

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Version

2018

C2

http://xrbwgb.com/gate.php

http://th5ijd5gds.xyz/gate.php

http://c82psxpjd8.top/gate.php

http://7ui3n2rezz.top/gate.php

rc4.i32

Targets

- Target
  
  2024-04-22_a0e9e669eaf46067dba49b57fa9077c8_karagany_mafia
- Size
  
  268KB
- MD5
  
  a0e9e669eaf46067dba49b57fa9077c8
- SHA1
  
  5c662e8f41450bc76e1d01d060b3544cf969cde5
- SHA256
  
  0b67b72c4a9e07996be562cad52111f3e8ae3216624fdf5eb71cd09599114ca9
- SHA512
  
  73bc05c025c2144d9f5bc99f64c4d4bac545c7730a79fa1f28f9ee788c8952474a397112aa87564ae51b8481247d21223cac71245bce13513d6c34d8a03dec7b
- SSDEEP
  
  3072:/911jsVE6yEmOCPT+wBNJjNvdMKEnv5yZN7nUZmfjWVoqnM46:/9cVE4XCqYP3MN8IZmfjWWAM46
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Maps connected drives based on registry

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2