smokeloader

General

Target

tmp
Size

182KB
Sample

220420-jva7radef2
MD5

86c11e1fb18290cb878cf6b63d050592
SHA1

d255403bcf98d29b8f577f296c8ba74cf1acf522
SHA256

e83c39d3a4a19d6357ae03ab0e93289d611e067e87f90b5dc82cb3fd2d7212c5
SHA512

fc6fcb45a2be8f6b468e2975751cc7bba9dc89f582ebe5c5d4a194d37bffc57895f6b4cc63e5684646d1ffc0bb1f7f0f8baf5fb3f2d285a357986afdf0da8346

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://185.215.113.40/

http://1fdsdfsdfdsf.space/

http://2fds33rdsrsdrs.space/

http://3fds4544gfgf.space/

http://4jgfdjgdh5fds.space/

http://5gfdtktkkt44.space/

rc4.i32

Extracted

Family

systembc

C2

62.182.82.33:1488

usaf.army:1488

Targets

- Target
  
  tmp
- Size
  
  182KB
- MD5
  
  86c11e1fb18290cb878cf6b63d050592
- SHA1
  
  d255403bcf98d29b8f577f296c8ba74cf1acf522
- SHA256
  
  e83c39d3a4a19d6357ae03ab0e93289d611e067e87f90b5dc82cb3fd2d7212c5
- SHA512
  
  fc6fcb45a2be8f6b468e2975751cc7bba9dc89f582ebe5c5d4a194d37bffc57895f6b4cc63e5684646d1ffc0bb1f7f0f8baf5fb3f2d285a357986afdf0da8346
Score

10^/10

smokeloader backdoor trojan systembc
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of NtCreateUserProcessOtherParentProcess
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Suspicious use of NtCreateUserProcessOtherParentProcess

SystemBC

Executes dropped EXE

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2