Overview

overview

10

Static

static

1

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    file.exe

  • Size

    180KB

  • Sample

    230321-asw7rshh9s

  • MD5

    385cb03a414e08bd403b294087ffc93c

  • SHA1

    70811cd99d37fd6d2e24df1c352ba63ef4fe3333

  • SHA256

    1eaa79cc6464a1f5f54beaf7d0cca883d98181cd0e82335804a5f690b36d9e35

  • SHA512

    ddfcea22b0e733b9b69fd12fefe68baaab35fe0aedc1c70b847e14842c7aa5704166d153cf0f3c57dacc059fc3880b9388f23fa726e97b0bf33881d42c0bb5fa

  • SSDEEP

    3072:xa132T9nFdEvyNWpn7SIaS+BAb+rS1ohJ2FY6/uW0aZZ:oBM9FjoSI8C+rSOKS5

Score
10/10
smokeloaderlabbackdoortrojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/
rc4.i32
rc4.i32

Targets

    • Target

      file.exe

    • Size

      180KB

    • MD5

      385cb03a414e08bd403b294087ffc93c

    • SHA1

      70811cd99d37fd6d2e24df1c352ba63ef4fe3333

    • SHA256

      1eaa79cc6464a1f5f54beaf7d0cca883d98181cd0e82335804a5f690b36d9e35

    • SHA512

      ddfcea22b0e733b9b69fd12fefe68baaab35fe0aedc1c70b847e14842c7aa5704166d153cf0f3c57dacc059fc3880b9388f23fa726e97b0bf33881d42c0bb5fa

    • SSDEEP

      3072:xa132T9nFdEvyNWpn7SIaS+BAb+rS1ohJ2FY6/uW0aZZ:oBM9FjoSI8C+rSOKS5

    Score
    10/10
    smokeloaderlabbackdoortrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks