smokeloader | 6812ce04f2230eaae1a0895a6133bce17c5979a1926d6f3979d4d7468f045f2b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6812ce04f2230eaae1a0895a6133bce17c5979a1926d6f3979d4d7468f045f2b
Size

270KB
Sample

230312-cly4wsec9s
MD5

47b9fef2ce2852babb2e40c80a2f2d04
SHA1

71061818044480a7a8f55060192af13a11031f5a
SHA256

6812ce04f2230eaae1a0895a6133bce17c5979a1926d6f3979d4d7468f045f2b
SHA512

594cf18dce4ba26e502c0b154260555c213d21534bcc7ad236f6a3e3b25ca00d008cd527a82e063e2037b42ac08daf261c036dda9452eae3a6ca1d833dd38885
SSDEEP

3072:91DEUqZuigpkEAQlq46mFDbGiwkOOkywGSTmX6WB+TDqYI:bqIilEM4BSV7GSTmb

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  6812ce04f2230eaae1a0895a6133bce17c5979a1926d6f3979d4d7468f045f2b
- Size
  
  270KB
- MD5
  
  47b9fef2ce2852babb2e40c80a2f2d04
- SHA1
  
  71061818044480a7a8f55060192af13a11031f5a
- SHA256
  
  6812ce04f2230eaae1a0895a6133bce17c5979a1926d6f3979d4d7468f045f2b
- SHA512
  
  594cf18dce4ba26e502c0b154260555c213d21534bcc7ad236f6a3e3b25ca00d008cd527a82e063e2037b42ac08daf261c036dda9452eae3a6ca1d833dd38885
- SSDEEP
  
  3072:91DEUqZuigpkEAQlq46mFDbGiwkOOkywGSTmX6WB+TDqYI:bqIilEM4BSV7GSTmb
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan