smokeloader | 693ea03ec6210684d9437c2a31974184b816630a3d17d2eb9ee23441308281ae | Triage

Sharing

General

Target

615c39d967d9dde2610d632bb98147f4.exe
Size

360KB
Sample

230322-mdncjagc42
MD5

615c39d967d9dde2610d632bb98147f4
SHA1

7d9490d20778fd2c45c355788d23aa461dc651c6
SHA256

693ea03ec6210684d9437c2a31974184b816630a3d17d2eb9ee23441308281ae
SHA512

cc24a015dbfbfd48d6c960a19cdf289297abcce8aad002fc6b728958c626b19a741fa3ed76219327aaf59a0b8981f8079438e5e89f80115eb6f9150c041371dd
SSDEEP

3072:Sw/DlH0j8/64BjuajLSSimiA71hY++do7RSuLpZzrgwn0JV:5SS6aPFi6Y++dOMu9Zn

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  615c39d967d9dde2610d632bb98147f4.exe
- Size
  
  360KB
- MD5
  
  615c39d967d9dde2610d632bb98147f4
- SHA1
  
  7d9490d20778fd2c45c355788d23aa461dc651c6
- SHA256
  
  693ea03ec6210684d9437c2a31974184b816630a3d17d2eb9ee23441308281ae
- SHA512
  
  cc24a015dbfbfd48d6c960a19cdf289297abcce8aad002fc6b728958c626b19a741fa3ed76219327aaf59a0b8981f8079438e5e89f80115eb6f9150c041371dd
- SSDEEP
  
  3072:Sw/DlH0j8/64BjuajLSSimiA71hY++do7RSuLpZzrgwn0JV:5SS6aPFi6Y++dOMu9Zn
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan

behavioral2

smokeloaderlabbackdoortrojan