smokeloader | 060e91b825b39c68a9a3c6347ba332d3a26f7b97f45af80fe1c3bcf1f9afcc9b | Triage

Sharing

General

Target

060e91b825b39c68a9a3c6347ba332d3a26f7b97f45af80fe1c3bcf1f9afcc9b
Size

356KB
Sample

230321-vp4gwscb32
MD5

ab2bc1ca6eedc2b7a263194ca90e1da6
SHA1

4dcb9841a804b03462d4b0a8d6061e4e63c5a614
SHA256

060e91b825b39c68a9a3c6347ba332d3a26f7b97f45af80fe1c3bcf1f9afcc9b
SHA512

a17b6e287e1a6bfb8dc38b43aeb7c31eb696dddb26238fda8c09366471dbb8f7285ed8aa83ccd71b7d29c74b980793886c4be21f2cfd784c2f663c1bad499ff7
SSDEEP

3072:H+5Uc9MeVTCIgLucjL9QO6AAzTxjH42zcqxUFuUkmaeL5DnfWO4RDhGFpy10wZ2r:NPIgLuw7azTxL4ocqkFvtnfWXVv

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  060e91b825b39c68a9a3c6347ba332d3a26f7b97f45af80fe1c3bcf1f9afcc9b
- Size
  
  356KB
- MD5
  
  ab2bc1ca6eedc2b7a263194ca90e1da6
- SHA1
  
  4dcb9841a804b03462d4b0a8d6061e4e63c5a614
- SHA256
  
  060e91b825b39c68a9a3c6347ba332d3a26f7b97f45af80fe1c3bcf1f9afcc9b
- SHA512
  
  a17b6e287e1a6bfb8dc38b43aeb7c31eb696dddb26238fda8c09366471dbb8f7285ed8aa83ccd71b7d29c74b980793886c4be21f2cfd784c2f663c1bad499ff7
- SSDEEP
  
  3072:H+5Uc9MeVTCIgLucjL9QO6AAzTxjH42zcqxUFuUkmaeL5DnfWO4RDhGFpy10wZ2r:NPIgLuw7azTxL4ocqkFvtnfWXVv
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan