smokeloader | 3fd826fc0c032721466b94ab3ec7dcfe006cc284e16132af6b91dfbc064b0907 | Triage

Sharing

General

Target

sant.exe
Size

12KB
Sample

250106-2cg7fsspbn
MD5

5effca91c3f1e9c87d364460097f8048
SHA1

28387c043ab6857aaa51865346046cf5dc4c7b49
SHA256

3fd826fc0c032721466b94ab3ec7dcfe006cc284e16132af6b91dfbc064b0907
SHA512

b0dba30fde295d3f7858db9d1463239b30cd84921971032b2afb96f811a53ac12c1e6f72013d2eff397b0b89c371e7c023c951cd2102f94157cba9918cd2c3e0
SSDEEP

192:I0EFK6COuHNlcW/1bXMvP8trt2mS3+dlRXwaziCP4kAIschKp0jeaJYrIC+sD:I0m/50t9bGPMrXSyGCP4kA6LyrIle

Score

10^/10

smokeloader backdoor discovery persistence trojan

Malware Config

Extracted

Family

smokeloader

Version

2017

C2

http://92.53.105.14/

Targets

- Target
  
  sant.exe
- Size
  
  12KB
- MD5
  
  5effca91c3f1e9c87d364460097f8048
- SHA1
  
  28387c043ab6857aaa51865346046cf5dc4c7b49
- SHA256
  
  3fd826fc0c032721466b94ab3ec7dcfe006cc284e16132af6b91dfbc064b0907
- SHA512
  
  b0dba30fde295d3f7858db9d1463239b30cd84921971032b2afb96f811a53ac12c1e6f72013d2eff397b0b89c371e7c023c951cd2102f94157cba9918cd2c3e0
- SSDEEP
  
  192:I0EFK6COuHNlcW/1bXMvP8trt2mS3+dlRXwaziCP4kAIschKp0jeaJYrIC+sD:I0m/50t9bGPMrXSyGCP4kA6LyrIle
Score

10^/10

smokeloader backdoor discovery trojan persistence
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoordiscoverytrojan

behavioral2

smokeloaderbackdoordiscoverypersistencetrojan