smokeloader | 768eef12b8082acde11a4d3b62bd5424f8e95bb83f1b7b7a5bc4c62531ff2e20 | Triage

Sharing

General

Target

768eef12b8082acde11a4d3b62bd5424f8e95bb83f1b7b7a5bc4c62531ff2e20
Size

185KB
Sample

230316-gskmasbf3s
MD5

df1036370c8aabc11d62ad0f27b7e48f
SHA1

a99179948afac6b094586825c613e0edbcf3c262
SHA256

768eef12b8082acde11a4d3b62bd5424f8e95bb83f1b7b7a5bc4c62531ff2e20
SHA512

d949af9836904485c6874b10f4e2c2ac47f715a647c4e51e511a78440013d12bf09266851e02b0c9fc55151da264fba6f25596906f01f99c9a15dc31f45289ae
SSDEEP

3072:CfVDHtz97tyoW5ELfCzKHCZQ6kxUGXJX:CtthID2fhCZkf

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  768eef12b8082acde11a4d3b62bd5424f8e95bb83f1b7b7a5bc4c62531ff2e20
- Size
  
  185KB
- MD5
  
  df1036370c8aabc11d62ad0f27b7e48f
- SHA1
  
  a99179948afac6b094586825c613e0edbcf3c262
- SHA256
  
  768eef12b8082acde11a4d3b62bd5424f8e95bb83f1b7b7a5bc4c62531ff2e20
- SHA512
  
  d949af9836904485c6874b10f4e2c2ac47f715a647c4e51e511a78440013d12bf09266851e02b0c9fc55151da264fba6f25596906f01f99c9a15dc31f45289ae
- SSDEEP
  
  3072:CfVDHtz97tyoW5ELfCzKHCZQ6kxUGXJX:CtthID2fhCZkf
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan