smokeloader | 400f588f2e07946fb70f43a51bc838b90cb01ebe61074199289a343a2a6f9c96 | Triage

Sharing

General

Target

400f588f2e07946fb70f43a51bc838b90cb01ebe61074199289a343a2a6f9c96
Size

178KB
Sample

230320-pvw24sfe7z
MD5

d2b0521f656b6808ef648e63f53e16e9
SHA1

26cd29952ec302b4ee7f1e4c85dd66b1b0144d73
SHA256

400f588f2e07946fb70f43a51bc838b90cb01ebe61074199289a343a2a6f9c96
SHA512

82a5209e8c65301ed9e922b71bc49ca0a2653c781da391af6243966ee7572c301f25a41e7fb8f0b513b9a25899d0ca0a898f9a6e9204da016a6b9ee4c333aedb
SSDEEP

3072:rlDHoyGiMXPsLoXeq5p07hdlRR4jcPGdh+:FIydta5p0XR4jEG

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  400f588f2e07946fb70f43a51bc838b90cb01ebe61074199289a343a2a6f9c96
- Size
  
  178KB
- MD5
  
  d2b0521f656b6808ef648e63f53e16e9
- SHA1
  
  26cd29952ec302b4ee7f1e4c85dd66b1b0144d73
- SHA256
  
  400f588f2e07946fb70f43a51bc838b90cb01ebe61074199289a343a2a6f9c96
- SHA512
  
  82a5209e8c65301ed9e922b71bc49ca0a2653c781da391af6243966ee7572c301f25a41e7fb8f0b513b9a25899d0ca0a898f9a6e9204da016a6b9ee4c333aedb
- SSDEEP
  
  3072:rlDHoyGiMXPsLoXeq5p07hdlRR4jcPGdh+:FIydta5p0XR4jEG
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan