smokeloader | 4c5068ae1dc37622834d2e84dd827040d0aeed3aac17560bf731ec79f5793037 | Triage

Sharing

General

Target

4c5068ae1dc37622834d2e84dd827040d0aeed3aac17560bf731ec79f5793037
Size

269KB
Sample

230328-lqfmsaca2t
MD5

74db21999e569840b49b51d5bd28bc7f
SHA1

2a50cb2b7a96d75177a0d064254e57d5f0f0ce7b
SHA256

4c5068ae1dc37622834d2e84dd827040d0aeed3aac17560bf731ec79f5793037
SHA512

05cae2f2532911c4a1252b4f2363d322e5f97567c407464e350d93f6cdec1d9c86a775608ac53587b737a098cee04bec3f1047b2dba9fae77737b66d592541e7
SSDEEP

3072:2rRDQ9fQD0uqhKFeP+XS/sG8XrHCk3fUCnlb6iY0mDyLYSPfjmyhyolmSZ:wWQfkKW/s3S/oYi

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  4c5068ae1dc37622834d2e84dd827040d0aeed3aac17560bf731ec79f5793037
- Size
  
  269KB
- MD5
  
  74db21999e569840b49b51d5bd28bc7f
- SHA1
  
  2a50cb2b7a96d75177a0d064254e57d5f0f0ce7b
- SHA256
  
  4c5068ae1dc37622834d2e84dd827040d0aeed3aac17560bf731ec79f5793037
- SHA512
  
  05cae2f2532911c4a1252b4f2363d322e5f97567c407464e350d93f6cdec1d9c86a775608ac53587b737a098cee04bec3f1047b2dba9fae77737b66d592541e7
- SSDEEP
  
  3072:2rRDQ9fQD0uqhKFeP+XS/sG8XrHCk3fUCnlb6iY0mDyLYSPfjmyhyolmSZ:wWQfkKW/s3S/oYi
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan