smokeloader | 5c94874fe63306a85fbf9860a1bfc210b58c14c432fd9b30d5e570d809e300f2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5c94874fe63306a85fbf9860a1bfc210b58c14c432fd9b30d5e570d809e300f2
Size

192KB
Sample

230311-waqsxsce4w
MD5

a67cee708b5adc2b87ac77a029a73535
SHA1

f6133c6947bfbec4cec51ee2e38675fdd410b2f1
SHA256

5c94874fe63306a85fbf9860a1bfc210b58c14c432fd9b30d5e570d809e300f2
SHA512

8fb574212369fd7ea346a69be7467a1d0ab74d1576c0dd8690a457ca42e382b65c81644916d9d885b0e5603d53e3045205b9a2a1940454cf77dbe11f694c22d6
SSDEEP

3072:fRyoqIlGeeYiQzl6kuKoWGNt3BR93M6yFboLX67+TJ:fDqeGeevMNuRVtxv8pFk

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  5c94874fe63306a85fbf9860a1bfc210b58c14c432fd9b30d5e570d809e300f2
- Size
  
  192KB
- MD5
  
  a67cee708b5adc2b87ac77a029a73535
- SHA1
  
  f6133c6947bfbec4cec51ee2e38675fdd410b2f1
- SHA256
  
  5c94874fe63306a85fbf9860a1bfc210b58c14c432fd9b30d5e570d809e300f2
- SHA512
  
  8fb574212369fd7ea346a69be7467a1d0ab74d1576c0dd8690a457ca42e382b65c81644916d9d885b0e5603d53e3045205b9a2a1940454cf77dbe11f694c22d6
- SSDEEP
  
  3072:fRyoqIlGeeYiQzl6kuKoWGNt3BR93M6yFboLX67+TJ:fDqeGeevMNuRVtxv8pFk
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan