smokeloader | 10d80786a23c28922cb41c290cd386cae2faa31d87b0b36a77c43f56c6403555 | Triage

Sharing

General

Target

10d80786a23c28922cb41c290cd386cae2faa31d87b0b36a77c43f56c6403555
Size

197KB
Sample

230310-3pgxwshe9v
MD5

ea65182754192ff6c1c9247f2ade79c5
SHA1

bbb2f590877ca97f0e87f61572d52aba6db8f66c
SHA256

10d80786a23c28922cb41c290cd386cae2faa31d87b0b36a77c43f56c6403555
SHA512

c0834824573749d9852ade54f3b7d62557d3fea550420e0cf92640433ea12cdc814a2454c34cb90a370fdd2c63ab3a331a067eeaff480c21152835b240a6e519
SSDEEP

3072:oGpFnmX1i4w8s7GJLKhSxPhfnze/z7HUmXBhXaotmcglkn1ywW:bFmX1i4ZLK8LzC7HU8naoMzZ

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  10d80786a23c28922cb41c290cd386cae2faa31d87b0b36a77c43f56c6403555
- Size
  
  197KB
- MD5
  
  ea65182754192ff6c1c9247f2ade79c5
- SHA1
  
  bbb2f590877ca97f0e87f61572d52aba6db8f66c
- SHA256
  
  10d80786a23c28922cb41c290cd386cae2faa31d87b0b36a77c43f56c6403555
- SHA512
  
  c0834824573749d9852ade54f3b7d62557d3fea550420e0cf92640433ea12cdc814a2454c34cb90a370fdd2c63ab3a331a067eeaff480c21152835b240a6e519
- SSDEEP
  
  3072:oGpFnmX1i4w8s7GJLKhSxPhfnze/z7HUmXBhXaotmcglkn1ywW:bFmX1i4ZLK8LzC7HU8naoMzZ
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan