smokeloader | eddb8958f270ee848bb717adf5006ce879cb5e47a17fda3c948d67507e6a6d88 | Triage

Submit
Reports

Overview

overview

Static

static

1

a7e3cfa1a4...7e.exe

windows7-x64

a7e3cfa1a4...7e.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

a7e3cfa1a45329cef508f67fa70f572bf9f4b50368934a5ac6f2ad98b637927e.zip
Size

169KB
Sample

230308-ne23rafh36
MD5

c2cfbdfde1630df71fd64b2ae66ae1a0
SHA1

4f79bdf7891353bc45b53124b9c3f4d9105c1aa8
SHA256

eddb8958f270ee848bb717adf5006ce879cb5e47a17fda3c948d67507e6a6d88
SHA512

b2c70f70e10e050041fcb411db85d690d7312501eb44b6671eb468e358ecaeba79d0ab5d08f1e42739fa100888d28a79a9901d959b6824c67e677e0799a2064e
SSDEEP

3072:6XIe6R+uZwrQuCf1SYvz4z7mnWbUdDdwvh9Dv/y88ORmvvShfSUvAC5timzgyuE:6XzuqdYvzY7EGipwrb/OOoyqUYW

Score

10^/10

smokeloader backdoor trojan

Static task

static1

Behavioral task

behavioral1

Sample

a7e3cfa1a45329cef508f67fa70f572bf9f4b50368934a5ac6f2ad98b637927e.exe

Resource

win7-20230220-en

smokeloader backdoor trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

a7e3cfa1a45329cef508f67fa70f572bf9f4b50368934a5ac6f2ad98b637927e.exe

Resource

win10v2004-20230221-en

smokeloader backdoor trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  a7e3cfa1a45329cef508f67fa70f572bf9f4b50368934a5ac6f2ad98b637927e.exe
- Size
  
  321KB
- MD5
  
  b7899dd9a9e96c03d4ff14e46017ca7b
- SHA1
  
  4bed366ac4f40d4e80d8030baa33c015d45b016a
- SHA256
  
  a7e3cfa1a45329cef508f67fa70f572bf9f4b50368934a5ac6f2ad98b637927e
- SHA512
  
  45f43d8da45fc24a9b0937c373d25bd0c742e90fb69fa2b007e387fa83274a35e7bc77dae35f36890e6809019ea251094134b555bee7bdc13aa0c550918f2ef6
- SSDEEP
  
  3072:juuIWqRwPv8LWdaEKiPGAuus/0ooFWBYyYXQEUjnU1bvKnJEtcOF:5q68LWTKiN80oMWFfEsyvKJ
Score

10^/10

smokeloader backdoor trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan

© 2018-2025

Terms | Privacy