smokeloader | ab16043e2aa1752614e78ab78a65173f04cb33b63180ce844b1f34fce7510767 | Triage

Sharing

General

Target

ab16043e2aa1752614e78ab78a65173f04cb33b63180ce844b1f34fce7510767
Size

295KB
Sample

230328-mn9nhscb8z
MD5

c57c08c3df3aab44946a499ccc2785a1
SHA1

4022adb6e342ba5bf474c750f5d814c9e1b4bb6e
SHA256

ab16043e2aa1752614e78ab78a65173f04cb33b63180ce844b1f34fce7510767
SHA512

fe288b570d88a12042bb5ff39cc2f1ef02fd54d2ccc5b5559e4cd14d4f2ca9d69938d35cc308eac2c8d50d3b24752ddf4b4f6b7738138d8e615e43adf263e83a
SSDEEP

3072:Y98A+DWqWR283wEarvg2LJYk9yon5IPQ8VkYMHL4c5ddXyKcHhxVftMJ3XLrZblp:0l2KcrvTJY8ZFHLRdXNcr6nL8tDDTO

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  ab16043e2aa1752614e78ab78a65173f04cb33b63180ce844b1f34fce7510767
- Size
  
  295KB
- MD5
  
  c57c08c3df3aab44946a499ccc2785a1
- SHA1
  
  4022adb6e342ba5bf474c750f5d814c9e1b4bb6e
- SHA256
  
  ab16043e2aa1752614e78ab78a65173f04cb33b63180ce844b1f34fce7510767
- SHA512
  
  fe288b570d88a12042bb5ff39cc2f1ef02fd54d2ccc5b5559e4cd14d4f2ca9d69938d35cc308eac2c8d50d3b24752ddf4b4f6b7738138d8e615e43adf263e83a
- SSDEEP
  
  3072:Y98A+DWqWR283wEarvg2LJYk9yon5IPQ8VkYMHL4c5ddXyKcHhxVftMJ3XLrZblp:0l2KcrvTJY8ZFHLRdXNcr6nL8tDDTO
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan