smokeloader | 0b2760e66b0860dec87a83211ad1475ccac91ad20f1ee528f09d467b99079049 | Triage

Sharing

General

Target

file.exe
Size

251KB
Sample

230327-rmt9nafh5w
MD5

d114d458c6c4e36ec866be333027110a
SHA1

950c6e1301afaefbcf1913ef856f39de4f42335c
SHA256

0b2760e66b0860dec87a83211ad1475ccac91ad20f1ee528f09d467b99079049
SHA512

a560e73fbe618b14e03c4b4e54a716b63e374be6590925f5a860ba42bee4ce80147cee89fa45f3fcee78417951fbab05a1bff86b6bec3a40f9d1f8de194c8507
SSDEEP

6144:37qMKmkzLj/dohNFNeHFiGUw6oHOCTUnQWQENL:rUmkzf/SbFkl7jAHQ

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  file.exe
- Size
  
  251KB
- MD5
  
  d114d458c6c4e36ec866be333027110a
- SHA1
  
  950c6e1301afaefbcf1913ef856f39de4f42335c
- SHA256
  
  0b2760e66b0860dec87a83211ad1475ccac91ad20f1ee528f09d467b99079049
- SHA512
  
  a560e73fbe618b14e03c4b4e54a716b63e374be6590925f5a860ba42bee4ce80147cee89fa45f3fcee78417951fbab05a1bff86b6bec3a40f9d1f8de194c8507
- SSDEEP
  
  6144:37qMKmkzLj/dohNFNeHFiGUw6oHOCTUnQWQENL:rUmkzf/SbFkl7jAHQ
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan

behavioral2

smokeloaderlabbackdoortrojan