smokeloader | ce2a274fa8c0616d87c2aa0857959c5a7194c5cbef71259bcb6ccf2bde904559 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ce2a274fa8c0616d87c2aa0857959c5a7194c5cbef71259bcb6ccf2bde904559
Size

276KB
Sample

230325-bfemmacd9v
MD5

ec280a69ffa8b44ad3dd84b2deebd60e
SHA1

5bfa6ab0503b91514fd8c1f2cc96a15a83f430ad
SHA256

ce2a274fa8c0616d87c2aa0857959c5a7194c5cbef71259bcb6ccf2bde904559
SHA512

f6c73c4eb35bf1c592ae7b9580a0477de086d8703f6c7599b5713281ba22bd4155246da52295b7f40f6854c5bd5bda2330e39957b73fd8cf293af44246cab93b
SSDEEP

3072:Rv3Ljt2+sGVNySCzWxuBIjE9mXWNTxL+PZOUrs28n+FDBcmDylzNxqK7R7WqWN8f:lbBG/kuBIbWPL0Olcymc3Wqva

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  ce2a274fa8c0616d87c2aa0857959c5a7194c5cbef71259bcb6ccf2bde904559
- Size
  
  276KB
- MD5
  
  ec280a69ffa8b44ad3dd84b2deebd60e
- SHA1
  
  5bfa6ab0503b91514fd8c1f2cc96a15a83f430ad
- SHA256
  
  ce2a274fa8c0616d87c2aa0857959c5a7194c5cbef71259bcb6ccf2bde904559
- SHA512
  
  f6c73c4eb35bf1c592ae7b9580a0477de086d8703f6c7599b5713281ba22bd4155246da52295b7f40f6854c5bd5bda2330e39957b73fd8cf293af44246cab93b
- SSDEEP
  
  3072:Rv3Ljt2+sGVNySCzWxuBIjE9mXWNTxL+PZOUrs28n+FDBcmDylzNxqK7R7WqWN8f:lbBG/kuBIbWPL0Olcymc3Wqva
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan