smokeloader | c8793b903031728f6e63e0e348b844879ed7cdd073ac17031f9ebba826292033 | Triage

Sharing

General

Target

773d01c3082deed6da2d5ebaf1058a5c.exe
Size

272KB
Sample

210721-lc3t8zewfj
MD5

773d01c3082deed6da2d5ebaf1058a5c
SHA1

95770848c54265e58e406b122b9d5a76b12c742f
SHA256

c8793b903031728f6e63e0e348b844879ed7cdd073ac17031f9ebba826292033
SHA512

c3959dde23d3823df119ff1b49b064b463e82156a45a705a6c23c3efadec04b526ed07e6697e6f158679301fe5cde2286edea7e7ca72aa895098c46e710c0973

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

https://helpersgroup.co.ug/index.php

http://helpersgroup.co.ug/index.php

rc4.i32

rc4.i32

Targets

- Target
  
  773d01c3082deed6da2d5ebaf1058a5c.exe
- Size
  
  272KB
- MD5
  
  773d01c3082deed6da2d5ebaf1058a5c
- SHA1
  
  95770848c54265e58e406b122b9d5a76b12c742f
- SHA256
  
  c8793b903031728f6e63e0e348b844879ed7cdd073ac17031f9ebba826292033
- SHA512
  
  c3959dde23d3823df119ff1b49b064b463e82156a45a705a6c23c3efadec04b526ed07e6697e6f158679301fe5cde2286edea7e7ca72aa895098c46e710c0973
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan