smokeloader | 8f2a26bfa721f95ef9b492179b6eef76c68123984649bf083922e2cc33020b16 | Triage

Sharing

General

Target

file.exe
Size

296KB
Sample

230328-wyq4laeb3w
MD5

fa32b4820a9d08b3c695fefda4aa7c26
SHA1

fdcc844fbc60643047ba201a1c54eb2003327b1a
SHA256

8f2a26bfa721f95ef9b492179b6eef76c68123984649bf083922e2cc33020b16
SHA512

e348e601ac5b5399314214fbe873e02dc080797d8048336f762f717fdb7ffb5962a3debe566add5ece94fa2ed03e20ca5805fed6e8a7cf9185a2a1f8cb31a074
SSDEEP

3072:8GQZrYEPYb2SWSpmBzeyMD9TDZMmyrfMBZnRmuy21hKLdU0ZTIWvQfu:jUNYb2gmBE/yrEDryJdU0M

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  file.exe
- Size
  
  296KB
- MD5
  
  fa32b4820a9d08b3c695fefda4aa7c26
- SHA1
  
  fdcc844fbc60643047ba201a1c54eb2003327b1a
- SHA256
  
  8f2a26bfa721f95ef9b492179b6eef76c68123984649bf083922e2cc33020b16
- SHA512
  
  e348e601ac5b5399314214fbe873e02dc080797d8048336f762f717fdb7ffb5962a3debe566add5ece94fa2ed03e20ca5805fed6e8a7cf9185a2a1f8cb31a074
- SSDEEP
  
  3072:8GQZrYEPYb2SWSpmBzeyMD9TDZMmyrfMBZnRmuy21hKLdU0ZTIWvQfu:jUNYb2gmBE/yrEDryJdU0M
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan

behavioral2

smokeloaderlabbackdoortrojan