smokeloader | 915a66584e7280aa967eb27ba754211b9f210dc45c88410540c61adb2fd72047 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

915a66584e7280aa967eb27ba754211b9f210dc45c88410540c61adb2fd72047
Size

173KB
Sample

230316-mcdrpsad35
MD5

593e36fe2c24170834d200de29e40fbe
SHA1

ff75b26789424de6f0ca2628d95032d434b4cbac
SHA256

915a66584e7280aa967eb27ba754211b9f210dc45c88410540c61adb2fd72047
SHA512

abb82bcf6c3df41259084d469546ccc2039a663682d8e584b8c3e30c776377e3a73ade78f9e2f789299fa335171d1cadf0e68cf052bdd0f50eeac0492401dcc0
SSDEEP

3072:kPoPnYWs76TAbxcpMbjS46SieWhx4dw/k7MgLDw0OeAps1XJX:fvjcGgZ6aax0eSMgLDw2J1

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  915a66584e7280aa967eb27ba754211b9f210dc45c88410540c61adb2fd72047
- Size
  
  173KB
- MD5
  
  593e36fe2c24170834d200de29e40fbe
- SHA1
  
  ff75b26789424de6f0ca2628d95032d434b4cbac
- SHA256
  
  915a66584e7280aa967eb27ba754211b9f210dc45c88410540c61adb2fd72047
- SHA512
  
  abb82bcf6c3df41259084d469546ccc2039a663682d8e584b8c3e30c776377e3a73ade78f9e2f789299fa335171d1cadf0e68cf052bdd0f50eeac0492401dcc0
- SSDEEP
  
  3072:kPoPnYWs76TAbxcpMbjS46SieWhx4dw/k7MgLDw0OeAps1XJX:fvjcGgZ6aax0eSMgLDw2J1
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan