smokeloader | 47ec411eab0aa15619f24caa6256ed4ca5cfc695a26f5b71830b53b07c22b05b | Triage

Sharing

General

Target

8696a4269e30ddb34a7e0e84629ede03.exe
Size

278KB
Sample

211118-ll3xhsfce5
MD5

8696a4269e30ddb34a7e0e84629ede03
SHA1

125198e1f636ef118e468145d02e801a3ffe2a97
SHA256

47ec411eab0aa15619f24caa6256ed4ca5cfc695a26f5b71830b53b07c22b05b
SHA512

481ae35ec056de3c08ae167e7b2fea9352c82a7cd47ebbc46047270e1a0f518b3feece8ad6900d0a5ac5ca1b44c80da0e916504809e93e176933931d940cad96

Score

10^/10

smokeloader backdoor collection trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://rsuehfidvdkfvk.top/

rc4.i32

rc4.i32

Targets

- Target
  
  8696a4269e30ddb34a7e0e84629ede03.exe
- Size
  
  278KB
- MD5
  
  8696a4269e30ddb34a7e0e84629ede03
- SHA1
  
  125198e1f636ef118e468145d02e801a3ffe2a97
- SHA256
  
  47ec411eab0aa15619f24caa6256ed4ca5cfc695a26f5b71830b53b07c22b05b
- SHA512
  
  481ae35ec056de3c08ae167e7b2fea9352c82a7cd47ebbc46047270e1a0f518b3feece8ad6900d0a5ac5ca1b44c80da0e916504809e93e176933931d940cad96
Score

10^/10

smokeloader backdoor trojan collection
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoorcollectiontrojan