smokeloader | ad8f4809df9a7429e0a3dbbaeafae78056f10584f042bcfde4b8fdab553077ad | Triage

Sharing

General

Target

ad8f4809df9a7429e0a3dbbaeafae78056f10584f042bcfde4b8fdab553077ad
Size

663KB
Sample

240509-3cnvnsch4y
MD5

cf783d751a0c45d4fdead46ac29d831e
SHA1

30826caa615ea57877699a5b9062f89685b01e19
SHA256

ad8f4809df9a7429e0a3dbbaeafae78056f10584f042bcfde4b8fdab553077ad
SHA512

8dacbec85e93700cdbb783b57d2421a110133592c7ff75a176f2bc0ee6c71625c02ef2b9d41427b12c1da3b99a0b7ecca3cc1019ceb19cd252fa0836bbfa3fc2
SSDEEP

12288:2MwC2DnOQyOmir722i6N0hwQ929tHih31p+dFYTsmkcVT5xXd/o9OrsR9KGPGm+N:2MwC2DUOjP3Nmw5jHih31p+dFYTVTo9k

Score

10^/10

smokeloader pub3 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://cellc.org/tmp/index.php

http://h-c-v.ru/tmp/index.php

http://icebrasilpr.com/tmp/index.php

http://piratia-life.ru/tmp/index.php

http://piratia.su/tmp/index.php

rc4.i32

rc4.i32

Extracted

Family

smokeloader

Botnet

pub3

Targets

- Target
  
  ad8f4809df9a7429e0a3dbbaeafae78056f10584f042bcfde4b8fdab553077ad
- Size
  
  663KB
- MD5
  
  cf783d751a0c45d4fdead46ac29d831e
- SHA1
  
  30826caa615ea57877699a5b9062f89685b01e19
- SHA256
  
  ad8f4809df9a7429e0a3dbbaeafae78056f10584f042bcfde4b8fdab553077ad
- SHA512
  
  8dacbec85e93700cdbb783b57d2421a110133592c7ff75a176f2bc0ee6c71625c02ef2b9d41427b12c1da3b99a0b7ecca3cc1019ceb19cd252fa0836bbfa3fc2
- SSDEEP
  
  12288:2MwC2DnOQyOmir722i6N0hwQ929tHih31p+dFYTsmkcVT5xXd/o9OrsR9KGPGm+N:2MwC2DUOjP3Nmw5jHih31p+dFYTVTo9k
Score

10^/10

smokeloader backdoor trojan pub3
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Peripheral Device Discovery

Process Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderpub3backdoortrojan