smokeloader | 44e510c4e951fab0a9dbb1d66b63cdb9641faa329b0216f75bd148b2fc781848 | Triage

Sharing

General

Target

44e510c4e951fab0a9dbb1d66b63cdb9641faa329b0216f75bd148b2fc781848
Size

357KB
Sample

230321-wp64fscd38
MD5

d5da1abea4cbea3dadbe35048f025a64
SHA1

ff6be5e6d96f48b8e624e659a16497623e43c279
SHA256

44e510c4e951fab0a9dbb1d66b63cdb9641faa329b0216f75bd148b2fc781848
SHA512

cbc54a4c16a1ae5845fef3375572431972bf61626e8186435f1b7fb13cc53d89e022c021779f303c249a1f3ed64670abaa91d91a3caf5be582611981aa551de6
SSDEEP

3072:5vgPXKqJgECYqL3MYxWMeD0VpyH9NREM8NH2JIm3hqcRR5zd8WOeukRDhGFpy105:mKYqL3X0oHG9N0HZm3hRRfd8WEQ

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  44e510c4e951fab0a9dbb1d66b63cdb9641faa329b0216f75bd148b2fc781848
- Size
  
  357KB
- MD5
  
  d5da1abea4cbea3dadbe35048f025a64
- SHA1
  
  ff6be5e6d96f48b8e624e659a16497623e43c279
- SHA256
  
  44e510c4e951fab0a9dbb1d66b63cdb9641faa329b0216f75bd148b2fc781848
- SHA512
  
  cbc54a4c16a1ae5845fef3375572431972bf61626e8186435f1b7fb13cc53d89e022c021779f303c249a1f3ed64670abaa91d91a3caf5be582611981aa551de6
- SSDEEP
  
  3072:5vgPXKqJgECYqL3MYxWMeD0VpyH9NREM8NH2JIm3hqcRR5zd8WOeukRDhGFpy105:mKYqL3X0oHG9N0HZm3hRRfd8WEQ
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan