smokeloader | 4fbad19a6629f2dbbaa4bebd6066dbc1548b7ee3890226ca3d4b70e97d1dcacd | Triage

Sharing

General

Target

4fbad19a6629f2dbbaa4bebd6066dbc1548b7ee3890226ca3d4b70e97d1dcacd
Size

296KB
Sample

230328-tjtj3abh56
MD5

6c0975817e255a00753d5bf3c48d67f8
SHA1

38c1825ea17a47b0a63a0592c395423bf20a427e
SHA256

4fbad19a6629f2dbbaa4bebd6066dbc1548b7ee3890226ca3d4b70e97d1dcacd
SHA512

2052624292424c1067bf32c935955ea8a0180159c04feb07d6da0b221dfb1a0d32739eaf0433e2f8c596cc03f8769cec5715ed5d5daa39966bfbd812f027407b
SSDEEP

3072:Cldy/5idB5Df4RJvLAIeMcAP4hhhhhhQ0ewt+BjsbMxA1kCtjjs0uZIGbp9XAFle:GSc5DfcvLq6sYwjs0Gbp57tDDT9

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  4fbad19a6629f2dbbaa4bebd6066dbc1548b7ee3890226ca3d4b70e97d1dcacd
- Size
  
  296KB
- MD5
  
  6c0975817e255a00753d5bf3c48d67f8
- SHA1
  
  38c1825ea17a47b0a63a0592c395423bf20a427e
- SHA256
  
  4fbad19a6629f2dbbaa4bebd6066dbc1548b7ee3890226ca3d4b70e97d1dcacd
- SHA512
  
  2052624292424c1067bf32c935955ea8a0180159c04feb07d6da0b221dfb1a0d32739eaf0433e2f8c596cc03f8769cec5715ed5d5daa39966bfbd812f027407b
- SSDEEP
  
  3072:Cldy/5idB5Df4RJvLAIeMcAP4hhhhhhQ0ewt+BjsbMxA1kCtjjs0uZIGbp9XAFle:GSc5DfcvLq6sYwjs0Gbp57tDDT9
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan