smokeloader | 473c20c1fe520cf1b143342a2f3bec3dbea893ef9c9a8a698bdc25e35ef0a565 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file.exe
Size

282KB
Sample

230313-r3514aag68
MD5

96a441e629af87fef767b3052f2724d8
SHA1

4f0e85147262cb36b76342b7b10aa5cb3bc2d11c
SHA256

473c20c1fe520cf1b143342a2f3bec3dbea893ef9c9a8a698bdc25e35ef0a565
SHA512

9d0276ab58d5e17fbf4aa3c55ce4f969f6fe16a437200eeed14a70da76a10017281ddaf381f5fdbaf65fb4cf23f3dac2abf1f6d06af9fa79f71e1648d6c4e931
SSDEEP

3072:ZS1c/CutuLT8KiyxTncZDOts0WohVcO2IyVGhQ1FtTxvn:ZScsLTjSZCXWohH2IyVGhotT

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  file.exe
- Size
  
  282KB
- MD5
  
  96a441e629af87fef767b3052f2724d8
- SHA1
  
  4f0e85147262cb36b76342b7b10aa5cb3bc2d11c
- SHA256
  
  473c20c1fe520cf1b143342a2f3bec3dbea893ef9c9a8a698bdc25e35ef0a565
- SHA512
  
  9d0276ab58d5e17fbf4aa3c55ce4f969f6fe16a437200eeed14a70da76a10017281ddaf381f5fdbaf65fb4cf23f3dac2abf1f6d06af9fa79f71e1648d6c4e931
- SSDEEP
  
  3072:ZS1c/CutuLT8KiyxTncZDOts0WohVcO2IyVGhQ1FtTxvn:ZScsLTjSZCXWohH2IyVGhotT
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan

behavioral2

smokeloaderlabbackdoortrojan