smokeloader | 530f5d616351de3f5081638700fa9efb35ef3b73c671c02aa0c185c6aaed42ac | Triage

Sharing

General

Target

file.exe
Size

270KB
Sample

230328-h94l6shf23
MD5

d4f8b7ae1c91d292bb175f6a977f648b
SHA1

639bb2d5322785e4b2e2c6cf54fd2a2a50b4ae6a
SHA256

530f5d616351de3f5081638700fa9efb35ef3b73c671c02aa0c185c6aaed42ac
SHA512

9200a9e67453cd576d28f4a50ca46e344a8e4e26c2a44199a3f913ef92a965cfbf9e4283c4399a28877a265ffe789c3784b8136247c27a39fa4e00ca6a821f5d
SSDEEP

3072:MzBQZu2+UOWJoxjpBTAhzt8vfvC/4Ka2SYoDdXb0j34o5lmhZ:uhWCjpBUhz3xJyJ0j3A

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  file.exe
- Size
  
  270KB
- MD5
  
  d4f8b7ae1c91d292bb175f6a977f648b
- SHA1
  
  639bb2d5322785e4b2e2c6cf54fd2a2a50b4ae6a
- SHA256
  
  530f5d616351de3f5081638700fa9efb35ef3b73c671c02aa0c185c6aaed42ac
- SHA512
  
  9200a9e67453cd576d28f4a50ca46e344a8e4e26c2a44199a3f913ef92a965cfbf9e4283c4399a28877a265ffe789c3784b8136247c27a39fa4e00ca6a821f5d
- SSDEEP
  
  3072:MzBQZu2+UOWJoxjpBTAhzt8vfvC/4Ka2SYoDdXb0j34o5lmhZ:uhWCjpBUhz3xJyJ0j3A
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan

behavioral2

smokeloaderlabbackdoortrojan