smokeloader | 40d54ff7d6cf461413250eb4ea783812873754e13f4d8ea153d875be3ddfab79 | Triage

Sharing

General

Target

cbf0b5ad9b04b05a29801569c35e2a80.bin
Size

164KB
Sample

230328-cvqtwaad3x
MD5

d168a2d5b46f693d728670fb8b71880e
SHA1

cf0c1b9790e7c2096dd1164dec365dc8d7d2203f
SHA256

40d54ff7d6cf461413250eb4ea783812873754e13f4d8ea153d875be3ddfab79
SHA512

5092d25133166ae448ca3aad961c858ac71135a09dd6521e5ab4204de76c8d35111530fb5495dae942c6ed30a20c8566987b4444373d018f4599d662db504215
SSDEEP

3072:ODb74pLRMD7meQAPmkTpMNA4aHNow39NeSU5ImwfTGOX3CLPqNwr5YBln/ZuZZv3:ODvsiDqeNIK05twfqOHCLCuuIZf

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  407b7978d56e8808cc8615d041d9ab8b6491032a99c9979caeb73e8721dd4edc.exe
- Size
  
  274KB
- MD5
  
  cbf0b5ad9b04b05a29801569c35e2a80
- SHA1
  
  b2e8d7645e8e4b0b4edf72fd5f90569eb46e2542
- SHA256
  
  407b7978d56e8808cc8615d041d9ab8b6491032a99c9979caeb73e8721dd4edc
- SHA512
  
  435134495075ccbd8439df1f9a022e13a59b2a9bade83ff6d9a48e377c469ea889a639f042e829b1a3d44295a657e878da9a47886023b8c02ad8cc151589e5aa
- SSDEEP
  
  3072:Z3do2E9NTud8WxIYW0ukE1bZvfP1FYe9Ipm3Xo4vY0FArRQE/wpNN4TJY:GhXW+YWTogY4g0mFX/eNN4T
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan

behavioral2

smokeloaderlabbackdoortrojan