smokeloader | f7430819576a8d9a67b3e1fa7a1f4247b9c42fd48ca5c242c76be13999270082 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

setup.exe
Size

277KB
Sample

230325-ctklgaaf68
MD5

bff5833edbb3c929f51682bd8aab8e89
SHA1

deb4b26e4085ce94bf174ffe525a90996bd1e802
SHA256

f7430819576a8d9a67b3e1fa7a1f4247b9c42fd48ca5c242c76be13999270082
SHA512

627405994d382228c1c3e28dc9f90b8c1f7254f55c6980e6c841a41e0f15b26bbcb52eba7d95919bd7a6f3497d30fbaa694a167b09a41d546f81aaf99d90ed62
SSDEEP

3072:6o7z8e2BHiAqkUCwTsLMpMv0skZdvywr0XYrmVaMUvk0/pm2rH9WN8aeDr:zvFqJbMpMEbIVaMUc0vH9va

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  setup.exe
- Size
  
  277KB
- MD5
  
  bff5833edbb3c929f51682bd8aab8e89
- SHA1
  
  deb4b26e4085ce94bf174ffe525a90996bd1e802
- SHA256
  
  f7430819576a8d9a67b3e1fa7a1f4247b9c42fd48ca5c242c76be13999270082
- SHA512
  
  627405994d382228c1c3e28dc9f90b8c1f7254f55c6980e6c841a41e0f15b26bbcb52eba7d95919bd7a6f3497d30fbaa694a167b09a41d546f81aaf99d90ed62
- SSDEEP
  
  3072:6o7z8e2BHiAqkUCwTsLMpMv0skZdvywr0XYrmVaMUvk0/pm2rH9WN8aeDr:zvFqJbMpMEbIVaMUc0vH9va
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan

behavioral2

smokeloaderlabbackdoortrojan