smokeloader | 3459b35320bc3edf6911ac3dcc837a47ed7536c40b9ed06c7e3ec1b78ef89e1e | Triage

Sharing

General

Target

c8de9d601eb2b1c2682dae1ade2c2aeb.exe
Size

173KB
Sample

230317-jcc9dsgh4s
MD5

c8de9d601eb2b1c2682dae1ade2c2aeb
SHA1

1d1637a7aed719eb0a39c8d68d4fa3a50b771b26
SHA256

3459b35320bc3edf6911ac3dcc837a47ed7536c40b9ed06c7e3ec1b78ef89e1e
SHA512

8bce1b2aecf934c1905d98f68be16cbb7ae969bf8a0aee4827d30eb9f6e2de47b14b3731c2ae4dc8d9ede73413c233347b614894a6d3d03a20a9de70e271dfab
SSDEEP

3072:uVsBUgUA0uAa3M3DTnMeLf4rGVwaQpYu1RIuMnBm/hVOndJB:/Bp2p3DbMAQrkXQ2Wt9/hEdJ

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  c8de9d601eb2b1c2682dae1ade2c2aeb.exe
- Size
  
  173KB
- MD5
  
  c8de9d601eb2b1c2682dae1ade2c2aeb
- SHA1
  
  1d1637a7aed719eb0a39c8d68d4fa3a50b771b26
- SHA256
  
  3459b35320bc3edf6911ac3dcc837a47ed7536c40b9ed06c7e3ec1b78ef89e1e
- SHA512
  
  8bce1b2aecf934c1905d98f68be16cbb7ae969bf8a0aee4827d30eb9f6e2de47b14b3731c2ae4dc8d9ede73413c233347b614894a6d3d03a20a9de70e271dfab
- SSDEEP
  
  3072:uVsBUgUA0uAa3M3DTnMeLf4rGVwaQpYu1RIuMnBm/hVOndJB:/Bp2p3DbMAQrkXQ2Wt9/hEdJ
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan

behavioral2

smokeloaderlabbackdoortrojan