smokeloader | ae7799f085224aa3f6c244a0e7cc5a495e0be1b32239b5132d50c40c8fb401c3 | Triage

Sharing

General

Target

ae7799f085224aa3f6c244a0e7cc5a495e0be1b32239b5132d50c40c8fb401c3
Size

274KB
Sample

230326-tqnx6aba91
MD5

15916f777cabe2a8be34b7de615794a0
SHA1

b85ac92732d1ebd92eceef1e29ac081999191f8d
SHA256

ae7799f085224aa3f6c244a0e7cc5a495e0be1b32239b5132d50c40c8fb401c3
SHA512

4b622efefb587a5fec3801da5aa8c2e8edee01cf8aeb367d29e01c21b86e0a91c833908535003b6b278693f7664f203049bca77e64340bafd99ee46effc32a33
SSDEEP

3072:O3YPCOt43uLvsLuxVu6F5bZJc2K3Vss4zBHYntdLPuPPngN7T/UypNN4Th3:Jguv2uxXcnesAsmPPngN7T/FNN4T

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  ae7799f085224aa3f6c244a0e7cc5a495e0be1b32239b5132d50c40c8fb401c3
- Size
  
  274KB
- MD5
  
  15916f777cabe2a8be34b7de615794a0
- SHA1
  
  b85ac92732d1ebd92eceef1e29ac081999191f8d
- SHA256
  
  ae7799f085224aa3f6c244a0e7cc5a495e0be1b32239b5132d50c40c8fb401c3
- SHA512
  
  4b622efefb587a5fec3801da5aa8c2e8edee01cf8aeb367d29e01c21b86e0a91c833908535003b6b278693f7664f203049bca77e64340bafd99ee46effc32a33
- SSDEEP
  
  3072:O3YPCOt43uLvsLuxVu6F5bZJc2K3Vss4zBHYntdLPuPPngN7T/UypNN4Th3:Jguv2uxXcnesAsmPPngN7T/FNN4T
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan