smokeloader | 307e7351ca03b087f7e6a5cf203d427aae767a63861bf7b3d306464f56e3b187 | Triage

Submit
Reports

Overview

overview

Static

static

3

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

307e7351ca03b087f7e6a5cf203d427aae767a63861bf7b3d306464f56e3b187
Size

170KB
Sample

240523-23da7acg65
MD5

55a96029f346de0031b2f46d175800ca
SHA1

98f4eaf475dd48fe0ff5b6a4974a091072b77659
SHA256

307e7351ca03b087f7e6a5cf203d427aae767a63861bf7b3d306464f56e3b187
SHA512

86b00c73eca55137dce2a467da30ddcf4ed604e55f55b712a1e7c5b72013361b763be6464dcbde4c973b479dbaa779c6a867d13b11e34d59a35bd71052aee80b
SSDEEP

1536:ErvrsOzcXfqjzVPyTL6yMZvD4taQLRO2VJXq99eJ5ldr9Aigg:LdTL6rvD4q8JXquJ5G

Score

10^/10

smokeloader pub1 backdoor persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

307e7351ca03b087f7e6a5cf203d427aae767a63861bf7b3d306464f56e3b187.exe

Resource

win7-20231129-en

smokeloader pub1 backdoor persistence trojan

windows7-x64

14 signatures

300 seconds

Behavioral task

behavioral2

Sample

307e7351ca03b087f7e6a5cf203d427aae767a63861bf7b3d306464f56e3b187.exe

Resource

win10-20240404-en

smokeloader pub1 backdoor trojan

windows10-1703-x64

3 signatures

300 seconds

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://trad-einmyus.com/index.php

http://tradein-myus.com/index.php

http://trade-inmyus.com/index.php

rc4.i32

rc4.i32

Targets

- Target
  
  307e7351ca03b087f7e6a5cf203d427aae767a63861bf7b3d306464f56e3b187
- Size
  
  170KB
- MD5
  
  55a96029f346de0031b2f46d175800ca
- SHA1
  
  98f4eaf475dd48fe0ff5b6a4974a091072b77659
- SHA256
  
  307e7351ca03b087f7e6a5cf203d427aae767a63861bf7b3d306464f56e3b187
- SHA512
  
  86b00c73eca55137dce2a467da30ddcf4ed604e55f55b712a1e7c5b72013361b763be6464dcbde4c973b479dbaa779c6a867d13b11e34d59a35bd71052aee80b
- SSDEEP
  
  1536:ErvrsOzcXfqjzVPyTL6yMZvD4taQLRO2VJXq99eJ5ldr9Aigg:LdTL6rvD4q8JXquJ5G
Score

10^/10

smokeloader pub1 backdoor persistence trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Modifies Installed Components in the registry
  persistence
- Deletes itself
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

smokeloaderpub1backdoorpersistencetrojan

behavioral2

smokeloaderpub1backdoortrojan

© 2018-2024

Terms | Privacy