smokeloader | eb2a81873467dd77ad98de250ee4de97a681051b8fdf1d9b3e1108777fe20f02 | Triage

Sharing

General

Target

setup.exe
Size

274KB
Sample

230327-bjxydacg9v
MD5

72f8d289fba464c2202292f0013ec032
SHA1

1bd02e687888e43e1e652b831dfb27786797ff7d
SHA256

eb2a81873467dd77ad98de250ee4de97a681051b8fdf1d9b3e1108777fe20f02
SHA512

81a3c61ae9a5dcd1a840bfd9ff4f4ab4f12a2d0d3bd7322135069630d08a305e4a8a53c6a4e96735774b1242928a8ab69cd039b12732609c8f0dd978c9a2bdbe
SSDEEP

3072:O3YPCOt43uLvsLuxVu6FCbZsEQGrvzpWUSBfJHpJfa1yP5g/gpNN4TJY:Jguv2uxUQUwfJJJf6/ONN4T

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  setup.exe
- Size
  
  274KB
- MD5
  
  72f8d289fba464c2202292f0013ec032
- SHA1
  
  1bd02e687888e43e1e652b831dfb27786797ff7d
- SHA256
  
  eb2a81873467dd77ad98de250ee4de97a681051b8fdf1d9b3e1108777fe20f02
- SHA512
  
  81a3c61ae9a5dcd1a840bfd9ff4f4ab4f12a2d0d3bd7322135069630d08a305e4a8a53c6a4e96735774b1242928a8ab69cd039b12732609c8f0dd978c9a2bdbe
- SSDEEP
  
  3072:O3YPCOt43uLvsLuxVu6FCbZsEQGrvzpWUSBfJHpJfa1yP5g/gpNN4TJY:Jguv2uxUQUwfJJJf6/ONN4T
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan

behavioral2

smokeloaderlabbackdoortrojan