smokeloader | 8038fee7ea25f4e052284a899956eed3293953b55f54db1d2817a67ba781814f | Triage

Submit
Reports

Overview

overview

Static

static

3

843ad82984...bb.exe

windows7-x64

843ad82984...bb.exe

windows10-2004-x64

Sharing

General

Target

29c2d7eec8802f3967aafcd0d16628b1.bin
Size

111KB
Sample

240519-bgjmzaad26
MD5

813baedac0e1a65109ca5de0ce44b889
SHA1

43a40e65e7d4518919a150eded519809b76be169
SHA256

8038fee7ea25f4e052284a899956eed3293953b55f54db1d2817a67ba781814f
SHA512

81fdc5c9084de97d938effd6f1d9f4d7882bcf06818a8ca13d4329364cfbeebc9d166eaf65a7ca97665a26c2c021df306746789a4d616922f9995aac5e00a294
SSDEEP

1536:n6gR9yVOBmaT0NCNtqGIWkL+hxuPZHkFe7PdAACWB/SmYjhqM+mgxzKRwpf/aS9:6NPG0qtVWChoRV7PWACyMVgxWRmf

Score

10^/10

smokeloader pub1 backdoor persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

843ad82984513d049fcbf1258c0a2cf71fd519ad98a272e54ea95d42422a24bb.exe

Resource

win7-20240221-en

smokeloader pub1 backdoor persistence trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

843ad82984513d049fcbf1258c0a2cf71fd519ad98a272e54ea95d42422a24bb.exe

Resource

win10v2004-20240426-en

smokeloader pub1 backdoor trojan

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://trad-einmyus.com/index.php

http://tradein-myus.com/index.php

http://trade-inmyus.com/index.php

rc4.i32

rc4.i32

Targets

- Target
  
  843ad82984513d049fcbf1258c0a2cf71fd519ad98a272e54ea95d42422a24bb.exe
- Size
  
  213KB
- MD5
  
  29c2d7eec8802f3967aafcd0d16628b1
- SHA1
  
  efe099762635d1d6284afb88225029bf89adec5d
- SHA256
  
  843ad82984513d049fcbf1258c0a2cf71fd519ad98a272e54ea95d42422a24bb
- SHA512
  
  755316646a0fcf8fef69832e33e8c611eb02e9e88e6416f7a19c499acab82f9a0e15d49fa92de70aaa5085f05a591e33456f8df61af5534cdb43c3f652e1502a
- SSDEEP
  
  3072:XG6IE/WIaxT8XyWiTmZTb05a+f4IOCX9:N/0oXyWiTQh+fN
Score

10^/10

smokeloader pub1 backdoor persistence trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Modifies Installed Components in the registry
  persistence
- Deletes itself
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

smokeloaderpub1backdoorpersistencetrojan

behavioral2

smokeloaderpub1backdoortrojan

© 2018-2024

Terms | Privacy