smokeloader | 191f9235e28b1ab80bc97ddd5f33b4e34eba2e142659efad9a9b0dd29a954773 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

191f9235e28b1ab80bc97ddd5f33b4e34eba2e142659efad9a9b0dd29a954773
Size

174KB
Sample

230316-xrvnwaef8y
MD5

62c8ff540f45580b3fa8a9e078d3b899
SHA1

04dcf8335b3f170828fd64387aa07068dc9264f1
SHA256

191f9235e28b1ab80bc97ddd5f33b4e34eba2e142659efad9a9b0dd29a954773
SHA512

094c83472cbe5b592990e73ef1a923233e8025a8e7fbd40f82323f5ec980a690530db25621a37cc876f17202aef1d14f77837ab2e66ea7c466f0819e6bac52a0
SSDEEP

3072:kFE65pD8QEnoqBoQlYgOP6S3K/V0nAOM0BVFnXla:kt5pY/onln6SmQDh

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  191f9235e28b1ab80bc97ddd5f33b4e34eba2e142659efad9a9b0dd29a954773
- Size
  
  174KB
- MD5
  
  62c8ff540f45580b3fa8a9e078d3b899
- SHA1
  
  04dcf8335b3f170828fd64387aa07068dc9264f1
- SHA256
  
  191f9235e28b1ab80bc97ddd5f33b4e34eba2e142659efad9a9b0dd29a954773
- SHA512
  
  094c83472cbe5b592990e73ef1a923233e8025a8e7fbd40f82323f5ec980a690530db25621a37cc876f17202aef1d14f77837ab2e66ea7c466f0819e6bac52a0
- SSDEEP
  
  3072:kFE65pD8QEnoqBoQlYgOP6S3K/V0nAOM0BVFnXla:kt5pY/onln6SmQDh
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan