smokeloader | 49db6a5491ddef53eb912d569fb0a7dd65bafebaf4dafb54e230bd3c13786d7f | Triage

Sharing

General

Target

49db6a5491ddef53eb912d569fb0a7dd65bafebaf4dafb54e230bd3c13786d7f
Size

269KB
Sample

230326-2pa9nsad25
MD5

7f821f1dbaf6aef551e3769b3f57fd8b
SHA1

3795efadb7d163673cf2f1c84b314290175454c9
SHA256

49db6a5491ddef53eb912d569fb0a7dd65bafebaf4dafb54e230bd3c13786d7f
SHA512

81ad27533c2f4af220414ed5807a59e6f9f68e81b88e22184c4710fc797ee56c7a76084d20591aee140033ea2c3fc319606b90e51a0d1e1184760d0c5eee6894
SSDEEP

3072:lXPhj9wA+FFu5wZvovffVxWnm+Xo+BZnH4l7Sp72+OR/pVsZ/LicvxlYfv0SUIll:VwvI5cvmWn56U2+OR/u0bUeR

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  49db6a5491ddef53eb912d569fb0a7dd65bafebaf4dafb54e230bd3c13786d7f
- Size
  
  269KB
- MD5
  
  7f821f1dbaf6aef551e3769b3f57fd8b
- SHA1
  
  3795efadb7d163673cf2f1c84b314290175454c9
- SHA256
  
  49db6a5491ddef53eb912d569fb0a7dd65bafebaf4dafb54e230bd3c13786d7f
- SHA512
  
  81ad27533c2f4af220414ed5807a59e6f9f68e81b88e22184c4710fc797ee56c7a76084d20591aee140033ea2c3fc319606b90e51a0d1e1184760d0c5eee6894
- SSDEEP
  
  3072:lXPhj9wA+FFu5wZvovffVxWnm+Xo+BZnH4l7Sp72+OR/pVsZ/LicvxlYfv0SUIll:VwvI5cvmWn56U2+OR/u0bUeR
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan