smokeloader | e5a09c697d988bd1485d6e1f9294a54d23551218e0c3eecd6acd70971ab0a06a | Triage

Sharing

General

Target

e5a09c697d988bd1485d6e1f9294a54d23551218e0c3eecd6acd70971ab0a06a
Size

249KB
Sample

230328-c5x1yagf37
MD5

67f6b83c3c96f64404b4f3b13cfcf09f
SHA1

af303d99787858949269fca0565edb09df23fa80
SHA256

e5a09c697d988bd1485d6e1f9294a54d23551218e0c3eecd6acd70971ab0a06a
SHA512

70ab3c195f21c4a2d9e5fb913d10539ba4db87c7a2dd796d41778e06235342cf83b0ddbc799adff9ef34b4ba977793665dfac8307750e13601d35e7fbdef9b52
SSDEEP

3072:X2raHy8eNglULH/fSEER36LKT0PHTi5VrdiJVnUC9zvsj5EvFukQrpAu:2Oy8xULfqqL6Au7rwVUC9zvF8kQre

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  e5a09c697d988bd1485d6e1f9294a54d23551218e0c3eecd6acd70971ab0a06a
- Size
  
  249KB
- MD5
  
  67f6b83c3c96f64404b4f3b13cfcf09f
- SHA1
  
  af303d99787858949269fca0565edb09df23fa80
- SHA256
  
  e5a09c697d988bd1485d6e1f9294a54d23551218e0c3eecd6acd70971ab0a06a
- SHA512
  
  70ab3c195f21c4a2d9e5fb913d10539ba4db87c7a2dd796d41778e06235342cf83b0ddbc799adff9ef34b4ba977793665dfac8307750e13601d35e7fbdef9b52
- SSDEEP
  
  3072:X2raHy8eNglULH/fSEER36LKT0PHTi5VrdiJVnUC9zvsj5EvFukQrpAu:2Oy8xULfqqL6Au7rwVUC9zvF8kQre
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan