smokeloader | 9ef7df7b30a123ae54e2fffcd875da333ab6a1f34164960e35d7f85a47cd2b10 | Triage

Sharing

General

Target

file.exe
Size

295KB
Sample

230328-rv9z3sbe84
MD5

25f7dd5da2d82447bda20da6c1acdf74
SHA1

89e1325724a97e9a9cbb28964c772a7d76434315
SHA256

9ef7df7b30a123ae54e2fffcd875da333ab6a1f34164960e35d7f85a47cd2b10
SHA512

6f05634144300ad0b2a275dfee111192aef5b17616e4d1d22695ec72b2497663c935db537a0eb2f831768c346223ac03584c0068d0e55b138667070a9315d2e9
SSDEEP

3072:hzdyTDNKd3fT9Ap33hiIOMeXP3kujefRiDFoupcNlTqy6Pb5OF4Ulmc2toiDTBg:5+efT9y3hbujefRiJ3psYDNFtDDTS

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  file.exe
- Size
  
  295KB
- MD5
  
  25f7dd5da2d82447bda20da6c1acdf74
- SHA1
  
  89e1325724a97e9a9cbb28964c772a7d76434315
- SHA256
  
  9ef7df7b30a123ae54e2fffcd875da333ab6a1f34164960e35d7f85a47cd2b10
- SHA512
  
  6f05634144300ad0b2a275dfee111192aef5b17616e4d1d22695ec72b2497663c935db537a0eb2f831768c346223ac03584c0068d0e55b138667070a9315d2e9
- SSDEEP
  
  3072:hzdyTDNKd3fT9Ap33hiIOMeXP3kujefRiDFoupcNlTqy6Pb5OF4Ulmc2toiDTBg:5+efT9y3hbujefRiJ3psYDNFtDDTS
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan

behavioral2

smokeloaderlabbackdoortrojan