smokeloader | bf9d4fcc7aeee9158d4764bee8e73b2bb0e42769cbc78e5d4582da43ac0b39a7 | Triage

Sharing

General

Target

bf9d4fcc7aeee9158d4764bee8e73b2bb0e42769cbc78e5d4582da43ac0b39a7
Size

179KB
Sample

240521-k6zvxsfh9w
MD5

ccfb70ac53b63ba7a8a1bb859deb0a63
SHA1

4a6b127768edb4316ecccd722d14cdc0fd67a9c0
SHA256

bf9d4fcc7aeee9158d4764bee8e73b2bb0e42769cbc78e5d4582da43ac0b39a7
SHA512

04f4080063d51b50028399c21b910d645c7ae87b2228170ab9fcc0c4ca6d7d9ec4679d6b0fa1e911d6d2c0f164be4dad565f367cef4c9daf321d4a66fb961326
SSDEEP

1536:D/bI75oFJE7LocP46lfSAPMtyKnM9fGqxHMHKQ0v5WK9IMn4kZhXU4L+vx5tLctB:DYlfSAPM0KMYq2HuWKz4kPU465

Score

10^/10

smokeloader pub1 backdoor persistence trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://trad-einmyus.com/index.php

http://tradein-myus.com/index.php

http://trade-inmyus.com/index.php

rc4.i32

rc4.i32

Targets

- Target
  
  bf9d4fcc7aeee9158d4764bee8e73b2bb0e42769cbc78e5d4582da43ac0b39a7
- Size
  
  179KB
- MD5
  
  ccfb70ac53b63ba7a8a1bb859deb0a63
- SHA1
  
  4a6b127768edb4316ecccd722d14cdc0fd67a9c0
- SHA256
  
  bf9d4fcc7aeee9158d4764bee8e73b2bb0e42769cbc78e5d4582da43ac0b39a7
- SHA512
  
  04f4080063d51b50028399c21b910d645c7ae87b2228170ab9fcc0c4ca6d7d9ec4679d6b0fa1e911d6d2c0f164be4dad565f367cef4c9daf321d4a66fb961326
- SSDEEP
  
  1536:D/bI75oFJE7LocP46lfSAPMtyKnM9fGqxHMHKQ0v5WK9IMn4kZhXU4L+vx5tLctB:DYlfSAPM0KMYq2HuWKz4kPU465
Score

10^/10

smokeloader pub1 backdoor persistence trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Modifies Installed Components in the registry
  persistence
- Deletes itself
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

smokeloaderpub1backdoorpersistencetrojan

behavioral2

smokeloaderpub1backdoortrojan