smokeloader

General

Target

2024-04-22_e452394a483fbad931b55e78a675e19f_karagany_mafia
Size

268KB
Sample

240422-zlcl8agb7y
MD5

e452394a483fbad931b55e78a675e19f
SHA1

acd77c6530c2086279073a5daec164e5423c4534
SHA256

46dc74de321297e5142fd835a527d28ee505b6d8d8fb8cdcec27509e97f5bd50
SHA512

b1b58aa193ccee4115b5bf3b22688b5ae49748cf57453108ed1f41a45f93fb566da1c3dab8c05029e5ff3b3cfa43feb2dba23b1ca1ab5a3f38baf26cddb6226d
SSDEEP

3072:/9LRjsVElyEmOCPT+wBNJjNvdMKEnv5yZN7nUZmfjWVoqnM4P:/9mVEhXCqYP3MN8IZmfjWWAM4P

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Version

2018

C2

http://xrbwgb.com/gate.php

http://th5ijd5gds.xyz/gate.php

http://c82psxpjd8.top/gate.php

http://7ui3n2rezz.top/gate.php

rc4.i32

Targets

- Target
  
  2024-04-22_e452394a483fbad931b55e78a675e19f_karagany_mafia
- Size
  
  268KB
- MD5
  
  e452394a483fbad931b55e78a675e19f
- SHA1
  
  acd77c6530c2086279073a5daec164e5423c4534
- SHA256
  
  46dc74de321297e5142fd835a527d28ee505b6d8d8fb8cdcec27509e97f5bd50
- SHA512
  
  b1b58aa193ccee4115b5bf3b22688b5ae49748cf57453108ed1f41a45f93fb566da1c3dab8c05029e5ff3b3cfa43feb2dba23b1ca1ab5a3f38baf26cddb6226d
- SSDEEP
  
  3072:/9LRjsVElyEmOCPT+wBNJjNvdMKEnv5yZN7nUZmfjWVoqnM4P:/9mVEhXCqYP3MN8IZmfjWWAM4P
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Maps connected drives based on registry

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2