smokeloader | 17a7ee5ed8d05595a2a73fb4ff85cbd9c2308b0faa3b6dea0bd105e92857ac92 | Triage

Sharing

General

Target

17a7ee5ed8d05595a2a73fb4ff85cbd9c2308b0faa3b6dea0bd105e92857ac92
Size

270KB
Sample

230328-f4ckdsah61
MD5

e529b247bd899fa147357b27524ba9e2
SHA1

d73f7ebdba8ad3761f96def4475fe7e72a68f797
SHA256

17a7ee5ed8d05595a2a73fb4ff85cbd9c2308b0faa3b6dea0bd105e92857ac92
SHA512

04205c2b1f3a85f096f5a853d1677e800fcc67847a062119e2257ed0ac8ef85bf9c77feef7c1cee34377d91c9473c271b1f28583c26311aa80a62cc3ae9cf442
SSDEEP

3072:G6zQdKgnUO3SjgsDa48LpKuCUAV4abOgri/J40LQF3quUBlmhU:dbg33SjTDajCV4JN4tRUN

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  17a7ee5ed8d05595a2a73fb4ff85cbd9c2308b0faa3b6dea0bd105e92857ac92
- Size
  
  270KB
- MD5
  
  e529b247bd899fa147357b27524ba9e2
- SHA1
  
  d73f7ebdba8ad3761f96def4475fe7e72a68f797
- SHA256
  
  17a7ee5ed8d05595a2a73fb4ff85cbd9c2308b0faa3b6dea0bd105e92857ac92
- SHA512
  
  04205c2b1f3a85f096f5a853d1677e800fcc67847a062119e2257ed0ac8ef85bf9c77feef7c1cee34377d91c9473c271b1f28583c26311aa80a62cc3ae9cf442
- SSDEEP
  
  3072:G6zQdKgnUO3SjgsDa48LpKuCUAV4abOgri/J40LQF3quUBlmhU:dbg33SjTDajCV4JN4tRUN
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan