smokeloader | f9fa43b38b3951c964f2984f7fa4bdb4136b608c359f4b19209c3d98a143554f | Triage

Sharing

General

Target

f9fa43b38b3951c964f2984f7fa4bdb4136b608c359f4b19209c3d98a143554f
Size

198KB
Sample

230311-j3d9daag51
MD5

2482c44cca6ac482e87237fb60c25212
SHA1

0b9f959373ccf66008f88ebec457194197083e6c
SHA256

f9fa43b38b3951c964f2984f7fa4bdb4136b608c359f4b19209c3d98a143554f
SHA512

32533a096d46c3a9a067d6ade8c844782651a3e5aded002f185737acdb42503953088c46b760aa365f0ed01f9f3148e26302b6a9c834da2f605ae66241ae7465
SSDEEP

3072:3bQbFpKn9wdfnZ8TWrg1LFPUMPNQ2yPNj1gEkmcgla1yDH:L4F8n9wdfnAxUM14Nj1gEXz3

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  f9fa43b38b3951c964f2984f7fa4bdb4136b608c359f4b19209c3d98a143554f
- Size
  
  198KB
- MD5
  
  2482c44cca6ac482e87237fb60c25212
- SHA1
  
  0b9f959373ccf66008f88ebec457194197083e6c
- SHA256
  
  f9fa43b38b3951c964f2984f7fa4bdb4136b608c359f4b19209c3d98a143554f
- SHA512
  
  32533a096d46c3a9a067d6ade8c844782651a3e5aded002f185737acdb42503953088c46b760aa365f0ed01f9f3148e26302b6a9c834da2f605ae66241ae7465
- SSDEEP
  
  3072:3bQbFpKn9wdfnZ8TWrg1LFPUMPNQ2yPNj1gEkmcgla1yDH:L4F8n9wdfnAxUM14Nj1gEXz3
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan