smokeloader | 01e077aea0568368f5b372c7a9c3737143518193ec296d440a72744077b5c315 | Triage

Sharing

General

Target

01e077aea0568368f5b372c7a9c3737143518193ec296d440a72744077b5c315
Size

195KB
Sample

230312-pjlr1adg73
MD5

53f382dc37af23a9232c06b6f1e02417
SHA1

861d1fe42e857828bd303814267073beaaa8640d
SHA256

01e077aea0568368f5b372c7a9c3737143518193ec296d440a72744077b5c315
SHA512

02abd07340adcc98b10c91a6cfbb26c39ad66a1b41eb4c306d5fc1364af1760f9832741af9b4028f524e93addeda6a46413a85edc74fdfe5f1612a0fe5121286
SSDEEP

3072:D443WmjkLXnMtcxFzTo2k5gejzFlqch91I9KiytRY2+9sX6bgXQvJ:13zjkDMtcl2BLg9iRYHsCg

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  01e077aea0568368f5b372c7a9c3737143518193ec296d440a72744077b5c315
- Size
  
  195KB
- MD5
  
  53f382dc37af23a9232c06b6f1e02417
- SHA1
  
  861d1fe42e857828bd303814267073beaaa8640d
- SHA256
  
  01e077aea0568368f5b372c7a9c3737143518193ec296d440a72744077b5c315
- SHA512
  
  02abd07340adcc98b10c91a6cfbb26c39ad66a1b41eb4c306d5fc1364af1760f9832741af9b4028f524e93addeda6a46413a85edc74fdfe5f1612a0fe5121286
- SSDEEP
  
  3072:D443WmjkLXnMtcxFzTo2k5gejzFlqch91I9KiytRY2+9sX6bgXQvJ:13zjkDMtcl2BLg9iRYHsCg
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan