smokeloader | 6dc0285e2f4d1245b5533f16bd389d660336064ce9487e3baba85bc8f16995dc | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

General

Target

6dc0285e2f4d1245b5533f16bd389d660336064ce9487e3baba85bc8f16995dc
Size

198KB
Sample

230303-lf62zsgc9y
MD5

6072f38a2916fb99ea4adfbaae215188
SHA1

cf145f99ab455a1aca667826388e93aa1ee08b1a
SHA256

6dc0285e2f4d1245b5533f16bd389d660336064ce9487e3baba85bc8f16995dc
SHA512

42b688fcaf2a022d04f3abe00e4a3c8ec2e6d0aba5e47c11854e7bc85e963345e2627587e99eaa8b31026ba0b837a979db92e0d35f2279a5f780622051dcccde
SSDEEP

3072:Tz/6HaPQXFaUOUNH2B+80sz6lU7+TUCOAFGeSY5JWbbhGBvQ/3:vyHDXFaUXNWsUKYCOAFXl4lGBvQ

Score

10^/10

smokeloader backdoor trojan

Static task

static1

Behavioral task

behavioral1

Sample

6dc0285e2f4d1245b5533f16bd389d660336064ce9487e3baba85bc8f16995dc.exe

Resource

win10v2004-20230220-en

smokeloader backdoor trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  6dc0285e2f4d1245b5533f16bd389d660336064ce9487e3baba85bc8f16995dc
- Size
  
  198KB
- MD5
  
  6072f38a2916fb99ea4adfbaae215188
- SHA1
  
  cf145f99ab455a1aca667826388e93aa1ee08b1a
- SHA256
  
  6dc0285e2f4d1245b5533f16bd389d660336064ce9487e3baba85bc8f16995dc
- SHA512
  
  42b688fcaf2a022d04f3abe00e4a3c8ec2e6d0aba5e47c11854e7bc85e963345e2627587e99eaa8b31026ba0b837a979db92e0d35f2279a5f780622051dcccde
- SSDEEP
  
  3072:Tz/6HaPQXFaUOUNH2B+80sz6lU7+TUCOAFGeSY5JWbbhGBvQ/3:vyHDXFaUXNWsUKYCOAFXl4lGBvQ
Score

10^/10

smokeloader backdoor trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

© 2018-2024

Terms | Privacy