smokeloader | 383c10d1b8eacf046bb82f67e863ca08119ddb58ec61a2f400d0915c391426c0 | Triage

Sharing

General

Target

383c10d1b8eacf046bb82f67e863ca08119ddb58ec61a2f400d0915c391426c0
Size

295KB
Sample

230328-p2fnpscg2w
MD5

5b15f8dc889da6d5a360f4a487f7a038
SHA1

aad637e963fca7eb17c6e7a9a1ab39e450cec678
SHA256

383c10d1b8eacf046bb82f67e863ca08119ddb58ec61a2f400d0915c391426c0
SHA512

15319407743d4ce8f2f5da36e960f18a1dd0e45d44b4674e921ceb2d9411082e89cfbe197aa1e9a8bda2b921f8c35736d19dc7bea49c561ba3e669bcc6cf5930
SSDEEP

3072:nd884d08TwYNguK29vrv9yonI3PEkbHImdq/Ax76aPj5N4weew+g5NUf4Nlmc2t2:dg0yHgu3vr2b5dq46OVKbeHgnqtDDTS

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  383c10d1b8eacf046bb82f67e863ca08119ddb58ec61a2f400d0915c391426c0
- Size
  
  295KB
- MD5
  
  5b15f8dc889da6d5a360f4a487f7a038
- SHA1
  
  aad637e963fca7eb17c6e7a9a1ab39e450cec678
- SHA256
  
  383c10d1b8eacf046bb82f67e863ca08119ddb58ec61a2f400d0915c391426c0
- SHA512
  
  15319407743d4ce8f2f5da36e960f18a1dd0e45d44b4674e921ceb2d9411082e89cfbe197aa1e9a8bda2b921f8c35736d19dc7bea49c561ba3e669bcc6cf5930
- SSDEEP
  
  3072:nd884d08TwYNguK29vrv9yonI3PEkbHImdq/Ax76aPj5N4weew+g5NUf4Nlmc2t2:dg0yHgu3vr2b5dq46OVKbeHgnqtDDTS
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan