smokeloader | fcc6db5850927866d4cbe47d291c406551fdcacd462234b31800e3377f30734f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fcc6db5850927866d4cbe47d291c406551fdcacd462234b31800e3377f30734f
Size

233KB
Sample

230314-mdn9tseg93
MD5

190d1cf0cb396fe696dfba4f114087ef
SHA1

91722541bf951621816e458b42bce5040275d7ed
SHA256

fcc6db5850927866d4cbe47d291c406551fdcacd462234b31800e3377f30734f
SHA512

627779af33c6b83abccd6716030424104e050ff22ad8756a44684113ee6244e8a2327365c89fe915811712e278613937522192ef9c7b6760a6603e9351cb87ec
SSDEEP

3072:N2rRsFTgVq2u3rwV1Qa2ik4VLDHISdyMPf4lvbADzKWH9CN0UI:TZmqlry15Bd3xf4uPKWH9CN0U

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  fcc6db5850927866d4cbe47d291c406551fdcacd462234b31800e3377f30734f
- Size
  
  233KB
- MD5
  
  190d1cf0cb396fe696dfba4f114087ef
- SHA1
  
  91722541bf951621816e458b42bce5040275d7ed
- SHA256
  
  fcc6db5850927866d4cbe47d291c406551fdcacd462234b31800e3377f30734f
- SHA512
  
  627779af33c6b83abccd6716030424104e050ff22ad8756a44684113ee6244e8a2327365c89fe915811712e278613937522192ef9c7b6760a6603e9351cb87ec
- SSDEEP
  
  3072:N2rRsFTgVq2u3rwV1Qa2ik4VLDHISdyMPf4lvbADzKWH9CN0UI:TZmqlry15Bd3xf4uPKWH9CN0U
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan