smokeloader | 3137ddf90c8e8cb3bbc8f79dfe01aad4e4def3258359c897a781b0f28226f96a | Triage

Sharing

General

Target

e07270c4844eee99b9912f5f4245e2185d66ac2c486e3243289277207f62048f
Size

125KB
Sample

230313-jxsvksbc61
MD5

7ebacfdb9382be94154f4e386fc45c60
SHA1

5034573061f38ba6aa0d26cd4cf629c6b8b5594a
SHA256

3137ddf90c8e8cb3bbc8f79dfe01aad4e4def3258359c897a781b0f28226f96a
SHA512

25f2c98e1f430039149c631df08984e057f185d77938d9877a42485981a79226b126000bc093dc5c3a137d3d02f79eeeb1e216712e602465022bfdbf39ceef0c
SSDEEP

1536:YpQDLiS6esp0a1WzqYutfsbZ1UV038+YQVUgdvBxkRMEZdvUhcxRCWxZwiWzqJJg:OQVspBAqYwfsk0Msd56yEfB/gzq6c2L

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  e07270c4844eee99b9912f5f4245e2185d66ac2c486e3243289277207f62048f
- Size
  
  197KB
- MD5
  
  a9d67bc81d309e6acc41ca1687ac06b1
- SHA1
  
  7427bdb245fb8d768216bfefcea4d3ae0b224858
- SHA256
  
  e07270c4844eee99b9912f5f4245e2185d66ac2c486e3243289277207f62048f
- SHA512
  
  4b37c7c5d66f24b2091175317a634933e1b2479624d72483cddf619940ed0167dbfbe41f19fb4bca078cfc013077ee292979c2fe9dfb20ecb7e3b04c4d20efa6
- SSDEEP
  
  3072:qmXO1y1Xf4UZiUY35k3izSeahF+ow82IQOq4SvxKqD:3e1qXXZYiSSeaZPrQlWq
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan

behavioral2

smokeloaderlabbackdoortrojan