smokeloader | 1b67964b4e2bf5341f13e8d11c5a853f97e00a7dbc3328904d42970a57d4ae45 | Triage

Sharing

General

Target

1b67964b4e2bf5341f13e8d11c5a853f97e00a7dbc3328904d42970a57d4ae45
Size

269KB
Sample

230328-j58k1ahg73
MD5

1bd66e5b1645d08b5fd0ea18c50b8e93
SHA1

2e97c74e094052adf2ec3654890edd9b4060cccb
SHA256

1b67964b4e2bf5341f13e8d11c5a853f97e00a7dbc3328904d42970a57d4ae45
SHA512

1f86207ac7b443342644f7f2eecdbb2272d95dea2e606a474ce75a1c2970427e78d4718f19d953406886058a9db99dee0b0161cd638c48bb00eea3eef8629baf
SSDEEP

3072:bRgQ9EQG0K6WwR/Mm8FSECb6wvPQajoAa8wQ4n0N1eV4E0i6lmhZ:WFQW6Wi/MAHvK3n0HK4E3V

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  1b67964b4e2bf5341f13e8d11c5a853f97e00a7dbc3328904d42970a57d4ae45
- Size
  
  269KB
- MD5
  
  1bd66e5b1645d08b5fd0ea18c50b8e93
- SHA1
  
  2e97c74e094052adf2ec3654890edd9b4060cccb
- SHA256
  
  1b67964b4e2bf5341f13e8d11c5a853f97e00a7dbc3328904d42970a57d4ae45
- SHA512
  
  1f86207ac7b443342644f7f2eecdbb2272d95dea2e606a474ce75a1c2970427e78d4718f19d953406886058a9db99dee0b0161cd638c48bb00eea3eef8629baf
- SSDEEP
  
  3072:bRgQ9EQG0K6WwR/Mm8FSECb6wvPQajoAa8wQ4n0N1eV4E0i6lmhZ:WFQW6Wi/MAHvK3n0HK4E3V
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan