smokeloader | 4e5f3fb701c0ba7a67dfbe0f1578fd497769f2d3397cc6310a444e9e0740afb6 | Triage

Sharing

General

Target

setup.exe
Size

250KB
Sample

230328-bl84esaa71
MD5

04e32b3bd11f6233afb0e106da867aa8
SHA1

c4750a98073df743fe04bf542df0faee2bdea4c5
SHA256

4e5f3fb701c0ba7a67dfbe0f1578fd497769f2d3397cc6310a444e9e0740afb6
SHA512

233f6d94ab81501e652cc6dd326f61416b37429b068dd0105951c8f8f01e61f57f27b20492309858e188d8cb639e34fecc0e0b9880bd846e3e5fac4420356c16
SSDEEP

3072:nVuaHyfVd/lxLLqfe5FRPN4pdWBVAyeO3jBJr2GOOIpzjdwj5Ev/Hc:oOyfJxLeEidnGOTFjb

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  setup.exe
- Size
  
  250KB
- MD5
  
  04e32b3bd11f6233afb0e106da867aa8
- SHA1
  
  c4750a98073df743fe04bf542df0faee2bdea4c5
- SHA256
  
  4e5f3fb701c0ba7a67dfbe0f1578fd497769f2d3397cc6310a444e9e0740afb6
- SHA512
  
  233f6d94ab81501e652cc6dd326f61416b37429b068dd0105951c8f8f01e61f57f27b20492309858e188d8cb639e34fecc0e0b9880bd846e3e5fac4420356c16
- SSDEEP
  
  3072:nVuaHyfVd/lxLLqfe5FRPN4pdWBVAyeO3jBJr2GOOIpzjdwj5Ev/Hc:oOyfJxLeEidnGOTFjb
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan

behavioral2

smokeloaderlabbackdoortrojan