smokeloader | 0efe59a8f13a80ac3ee5c71b2282972bd42d9e609afbff88d9bf8b9092743bd7 | Triage

Sharing

General

Target

file
Size

264KB
Sample

230327-1g42cahd4x
MD5

603e1c4b337563620dd3b0873efd2242
SHA1

f334f318213431b357aa7fab4a869f0d300ac079
SHA256

0efe59a8f13a80ac3ee5c71b2282972bd42d9e609afbff88d9bf8b9092743bd7
SHA512

e2791bd7c7476ecdad9d123274abf55bae7b88fb099fc7b6f438f6abfca415ed77719d908b748341034be7f74da789943e6906513ae96493d460301cb4099d4d
SSDEEP

3072:E3zCCRHyE0rYUXLHYLZ3zG9G6xHtPnBvsM+xUDzFQz1LlL5kYYCU3wsUf:EDz5yERUXL4Yzf2VkZ2oY

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  file
- Size
  
  264KB
- MD5
  
  603e1c4b337563620dd3b0873efd2242
- SHA1
  
  f334f318213431b357aa7fab4a869f0d300ac079
- SHA256
  
  0efe59a8f13a80ac3ee5c71b2282972bd42d9e609afbff88d9bf8b9092743bd7
- SHA512
  
  e2791bd7c7476ecdad9d123274abf55bae7b88fb099fc7b6f438f6abfca415ed77719d908b748341034be7f74da789943e6906513ae96493d460301cb4099d4d
- SSDEEP
  
  3072:E3zCCRHyE0rYUXLHYLZ3zG9G6xHtPnBvsM+xUDzFQz1LlL5kYYCU3wsUf:EDz5yERUXL4Yzf2VkZ2oY
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan

behavioral2

smokeloaderlabbackdoortrojan