smokeloader | 92ff0728d25c82e099f90cd40489550d2c4b0cd777a0e3123996807f6719d3e2 | Triage

Sharing

General

Target

92ff0728d25c82e099f90cd40489550d2c4b0cd777a0e3123996807f6719d3e2
Size

222KB
Sample

240516-wmyz3aha74
MD5

2c6cf0278564545909a4579b068c6bca
SHA1

c99343c54f97b89b31a0ab4acf9facbb1cf05c56
SHA256

92ff0728d25c82e099f90cd40489550d2c4b0cd777a0e3123996807f6719d3e2
SHA512

f2d2d4166866b18e9a5dfd79f56131c03fef63505cd36a57ec70ce1384dd3034a5a00d0a5848b9be949f3de42d977d9db90cd5bba12c6da4915c1182f8027a68
SSDEEP

3072:t2RmGIeFZOnbzZS+hFq6IcbWE0WDMgDezLNhbLnxuQAdWeVPBsGUfKowtBCF:tbg+jMgDcdLn1kipCow

Score

10^/10

smokeloader pub1 backdoor persistence trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://trad-einmyus.com/index.php

http://tradein-myus.com/index.php

http://trade-inmyus.com/index.php

rc4.i32

rc4.i32

Targets

- Target
  
  92ff0728d25c82e099f90cd40489550d2c4b0cd777a0e3123996807f6719d3e2
- Size
  
  222KB
- MD5
  
  2c6cf0278564545909a4579b068c6bca
- SHA1
  
  c99343c54f97b89b31a0ab4acf9facbb1cf05c56
- SHA256
  
  92ff0728d25c82e099f90cd40489550d2c4b0cd777a0e3123996807f6719d3e2
- SHA512
  
  f2d2d4166866b18e9a5dfd79f56131c03fef63505cd36a57ec70ce1384dd3034a5a00d0a5848b9be949f3de42d977d9db90cd5bba12c6da4915c1182f8027a68
- SSDEEP
  
  3072:t2RmGIeFZOnbzZS+hFq6IcbWE0WDMgDezLNhbLnxuQAdWeVPBsGUfKowtBCF:tbg+jMgDcdLn1kipCow
Score

10^/10

smokeloader pub1 backdoor persistence trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Modifies Installed Components in the registry
  persistence
- Deletes itself
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoorpersistencetrojan

behavioral2

smokeloaderpub1backdoortrojan