smokeloader | bd795e6baf037837d0d8f1d80cf5975cf2e145137d2398758cd03df083b54c5b | Triage

Sharing

General

Target

bd795e6baf037837d0d8f1d80cf5975cf2e145137d2398758cd03df083b54c5b
Size

764KB
Sample

240509-3fg7asgd56
MD5

5db607859b88d1e2a2e3c6d14c4a1512
SHA1

a036563c4057ed49281bf19f9764f9acbbeae517
SHA256

bd795e6baf037837d0d8f1d80cf5975cf2e145137d2398758cd03df083b54c5b
SHA512

fb5230fc62e29fe1b620b6ba01e91291030d2ae147f51bb87dedf6bb4f87fe5a6bb71fa2c73bd401bffc7b5533d3438b6dc6deb012a2cf5c4830cf598fa5210c
SSDEEP

12288:5MwNrpcQxPNrtU1C5BnoTgMo7p2eCU7Vu4tJ2NMbUqwd3a8wzST38:5MwN+gA1qBnoMMol2fU7VdtJSM5wd3Tm

Score

10^/10

smokeloader pub3 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://cellc.org/tmp/index.php

http://h-c-v.ru/tmp/index.php

http://icebrasilpr.com/tmp/index.php

http://piratia-life.ru/tmp/index.php

http://piratia.su/tmp/index.php

rc4.i32

rc4.i32

Extracted

Family

smokeloader

Botnet

pub3

Targets

- Target
  
  bd795e6baf037837d0d8f1d80cf5975cf2e145137d2398758cd03df083b54c5b
- Size
  
  764KB
- MD5
  
  5db607859b88d1e2a2e3c6d14c4a1512
- SHA1
  
  a036563c4057ed49281bf19f9764f9acbbeae517
- SHA256
  
  bd795e6baf037837d0d8f1d80cf5975cf2e145137d2398758cd03df083b54c5b
- SHA512
  
  fb5230fc62e29fe1b620b6ba01e91291030d2ae147f51bb87dedf6bb4f87fe5a6bb71fa2c73bd401bffc7b5533d3438b6dc6deb012a2cf5c4830cf598fa5210c
- SSDEEP
  
  12288:5MwNrpcQxPNrtU1C5BnoTgMo7p2eCU7Vu4tJ2NMbUqwd3a8wzST38:5MwN+gA1qBnoMMol2fU7VdtJSM5wd3Tm
Score

10^/10

smokeloader backdoor trojan pub3
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Process Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderpub3backdoortrojan