smokeloader | b874f11002bc7eb2c517802c66a05603097e5c1e32e19cb4428401b6ddd176f2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b874f11002bc7eb2c517802c66a05603097e5c1e32e19cb4428401b6ddd176f2
Size

283KB
Sample

230313-qavtzsad72
MD5

1d82463e6d6f67ad20939aa50df9fbe6
SHA1

845e3ae8b97b9a0d7fc063f89e2935809ad99cbb
SHA256

b874f11002bc7eb2c517802c66a05603097e5c1e32e19cb4428401b6ddd176f2
SHA512

4506abee44ab591e8f8665592239c3c44371c4ae455c4745d1ab75db69bad04b576e90de57dc63fd62d7e670c7461e11275bea2ff3748f16d9d2b33454977fb6
SSDEEP

3072:PT/5gLHlTkv3sR5254oyr83vtZnnHDCA99Mwyy/J1FATxv:bhgL5g425xyr83vtZHDCA99McAT

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  b874f11002bc7eb2c517802c66a05603097e5c1e32e19cb4428401b6ddd176f2
- Size
  
  283KB
- MD5
  
  1d82463e6d6f67ad20939aa50df9fbe6
- SHA1
  
  845e3ae8b97b9a0d7fc063f89e2935809ad99cbb
- SHA256
  
  b874f11002bc7eb2c517802c66a05603097e5c1e32e19cb4428401b6ddd176f2
- SHA512
  
  4506abee44ab591e8f8665592239c3c44371c4ae455c4745d1ab75db69bad04b576e90de57dc63fd62d7e670c7461e11275bea2ff3748f16d9d2b33454977fb6
- SSDEEP
  
  3072:PT/5gLHlTkv3sR5254oyr83vtZnnHDCA99Mwyy/J1FATxv:bhgL5g425xyr83vtZHDCA99McAT
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan