smokeloader | 3ff5ee87b0502f4c2fa61e140caeb00540fb2eeea7f5326cfded837e6dd330aa | Triage

Sharing

General

Target

cus.exe
Size

13KB
Sample

240521-jwwvvadh4w
MD5

39023ce4acf0cab299648ba78a68c52d
SHA1

1ac1a55650e2a278c9264ac7a8d540c84c141a43
SHA256

3ff5ee87b0502f4c2fa61e140caeb00540fb2eeea7f5326cfded837e6dd330aa
SHA512

5da1c4feb379e5e1887f4c6e129bb5cc0c9a626114232873233d26cb11f61e7d7330d3181a4f07e61eaa9bb0cc981fcb71dcf61834abfd7c343ffccb9b6cac6e
SSDEEP

192:vBAlEMZWAY5nCtCY61l40CMvPSohzWLz5xWfgOQ/muu/d5THm4OtN:JAnLAXNy/m3/bTKN

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2017

C2

http://dogewareservice.ru/

Targets

- Target
  
  cus.exe
- Size
  
  13KB
- MD5
  
  39023ce4acf0cab299648ba78a68c52d
- SHA1
  
  1ac1a55650e2a278c9264ac7a8d540c84c141a43
- SHA256
  
  3ff5ee87b0502f4c2fa61e140caeb00540fb2eeea7f5326cfded837e6dd330aa
- SHA512
  
  5da1c4feb379e5e1887f4c6e129bb5cc0c9a626114232873233d26cb11f61e7d7330d3181a4f07e61eaa9bb0cc981fcb71dcf61834abfd7c343ffccb9b6cac6e
- SSDEEP
  
  192:vBAlEMZWAY5nCtCY61l40CMvPSohzWLz5xWfgOQ/muu/d5THm4OtN:JAnLAXNy/m3/bTKN
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan