smokeloader | f671122dbd4f11b8ab539d1e1f9945747f1331831866ff486a7a7dc49b222e7e | Triage

Sharing

General

Target

f671122dbd4f11b8ab539d1e1f9945747f1331831866ff486a7a7dc49b222e7e
Size

693KB
Sample

240509-3qnf3adh5z
MD5

4bac266ad7b4c9c9a6352fe9ea79a6fd
SHA1

655612a0032b98e30c9156cc4e48b8f41a865aa2
SHA256

f671122dbd4f11b8ab539d1e1f9945747f1331831866ff486a7a7dc49b222e7e
SHA512

495c488b9ec33cb2146eee9d492ca65124cdb7fb3ee331019633ed542df587a77be4962a4382104e6b2ee2c279bb27d2533f5f3f4d78c77115386bf070616c5b
SSDEEP

12288:qMwsByQcSb7iCWi8B9OXgQXB9RqyGSvF1eDjbCucxyz+YBfvMDaf/EE9PvAe:qMwsBJKni8by91GmMjOxyaYB3aafz1D

Score

10^/10

smokeloader pub3 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://cellc.org/tmp/index.php

http://h-c-v.ru/tmp/index.php

http://icebrasilpr.com/tmp/index.php

http://piratia-life.ru/tmp/index.php

http://piratia.su/tmp/index.php

rc4.i32

rc4.i32

Extracted

Family

smokeloader

Botnet

pub3

Targets

- Target
  
  f671122dbd4f11b8ab539d1e1f9945747f1331831866ff486a7a7dc49b222e7e
- Size
  
  693KB
- MD5
  
  4bac266ad7b4c9c9a6352fe9ea79a6fd
- SHA1
  
  655612a0032b98e30c9156cc4e48b8f41a865aa2
- SHA256
  
  f671122dbd4f11b8ab539d1e1f9945747f1331831866ff486a7a7dc49b222e7e
- SHA512
  
  495c488b9ec33cb2146eee9d492ca65124cdb7fb3ee331019633ed542df587a77be4962a4382104e6b2ee2c279bb27d2533f5f3f4d78c77115386bf070616c5b
- SSDEEP
  
  12288:qMwsByQcSb7iCWi8B9OXgQXB9RqyGSvF1eDjbCucxyz+YBfvMDaf/EE9PvAe:qMwsBJKni8by91GmMjOxyaYB3aafz1D
Score

10^/10

smokeloader backdoor trojan pub3
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Process Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderpub3backdoortrojan