smokeloader | 65c4466e69c4b05caccf5c56be42676b0fbfa9bf7c609aedcb34145dfe3c7100 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

65c4466e69c4b05caccf5c56be42676b0fbfa9bf7c609aedcb34145dfe3c7100
Size

297KB
Sample

230317-t65kvabb8t
MD5

ba9031fda852359a25f523add938f3b4
SHA1

1a745a18138d437f3a614f6271f9cd78053c5953
SHA256

65c4466e69c4b05caccf5c56be42676b0fbfa9bf7c609aedcb34145dfe3c7100
SHA512

be6838f39bc5edc78f4913640986d0e689ceb2eb7836756d9ceca02d248cf325adf40840cc6158b9c8fcb25ac8e41488a889e8572254529c9a7bc36470b1ae93
SSDEEP

3072:K0dnLgZLyVGudtLal4ZwDtQ0SyCADID7B2sLOAtJ1EP0+9I4yqitZuM:LZgZLykugOwD3SyClnQSOAtJ1E8+0fu

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  65c4466e69c4b05caccf5c56be42676b0fbfa9bf7c609aedcb34145dfe3c7100
- Size
  
  297KB
- MD5
  
  ba9031fda852359a25f523add938f3b4
- SHA1
  
  1a745a18138d437f3a614f6271f9cd78053c5953
- SHA256
  
  65c4466e69c4b05caccf5c56be42676b0fbfa9bf7c609aedcb34145dfe3c7100
- SHA512
  
  be6838f39bc5edc78f4913640986d0e689ceb2eb7836756d9ceca02d248cf325adf40840cc6158b9c8fcb25ac8e41488a889e8572254529c9a7bc36470b1ae93
- SSDEEP
  
  3072:K0dnLgZLyVGudtLal4ZwDtQ0SyCADID7B2sLOAtJ1EP0+9I4yqitZuM:LZgZLykugOwD3SyClnQSOAtJ1E8+0fu
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan