smokeloader | f59f47316352a6fccc73f2276a272bf215f338dd0b05bfca7db591517e8f5c2c | Triage

Sharing

General

Target

file.exe
Size

276KB
Sample

230325-l1m5lsec8v
MD5

5decbf34d093ad55cee5e302a4c1507b
SHA1

a96f0a93c910e7993c91b243d53a6918efe62067
SHA256

f59f47316352a6fccc73f2276a272bf215f338dd0b05bfca7db591517e8f5c2c
SHA512

d29c2d1399cd1f83a22897bfc10a1f8fe5332fbb23ca641802a8260488d54578b62c3ef36ebca4829a405322b9a9e252348a3f63a4c33d756fbb28a4aaba0d57
SSDEEP

3072:CVGkCPdRRWVXAsvhwrFmlaOP6cUvLMgVrsli4DoD94aX7G/nCqHbgMCJQN0f5KRh:VdRWdSFmlJULMbk4DE94aXi/CqgTfm

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  file.exe
- Size
  
  276KB
- MD5
  
  5decbf34d093ad55cee5e302a4c1507b
- SHA1
  
  a96f0a93c910e7993c91b243d53a6918efe62067
- SHA256
  
  f59f47316352a6fccc73f2276a272bf215f338dd0b05bfca7db591517e8f5c2c
- SHA512
  
  d29c2d1399cd1f83a22897bfc10a1f8fe5332fbb23ca641802a8260488d54578b62c3ef36ebca4829a405322b9a9e252348a3f63a4c33d756fbb28a4aaba0d57
- SSDEEP
  
  3072:CVGkCPdRRWVXAsvhwrFmlaOP6cUvLMgVrsli4DoD94aX7G/nCqHbgMCJQN0f5KRh:VdRWdSFmlJULMbk4DE94aXi/CqgTfm
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan

behavioral2

smokeloaderlabbackdoortrojan