smokeloader | 02d0630968348e66dd1b7f91a9784069a9f52f5a26c79976ba0efbec058788ef | Triage

Sharing

General

Target

02d0630968348e66dd1b7f91a9784069a9f52f5a26c79976ba0efbec058788ef
Size

292KB
Sample

230328-x2891sed61
MD5

0b498776456d691579997d16a1bc14f2
SHA1

d7c2d3dcfc876057f085c0b2a1ce0a9d3547ed12
SHA256

02d0630968348e66dd1b7f91a9784069a9f52f5a26c79976ba0efbec058788ef
SHA512

82cc64c76eb7eb7b8437a622d5257db8f93667387ebf5ada526e6d17c419e6811e8111c54446d0e786bcb804ffda1155f7744241dfb60c4b06101bfb24bb6511
SSDEEP

3072:AnJCUm5g8PncZfSeawCZzLasT3UEvNv1zHR6DyBq09CHfte6pfrYRxT+fWvQfo:n9XPncUeaPv1zx6Dys09WfwoPt

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  02d0630968348e66dd1b7f91a9784069a9f52f5a26c79976ba0efbec058788ef
- Size
  
  292KB
- MD5
  
  0b498776456d691579997d16a1bc14f2
- SHA1
  
  d7c2d3dcfc876057f085c0b2a1ce0a9d3547ed12
- SHA256
  
  02d0630968348e66dd1b7f91a9784069a9f52f5a26c79976ba0efbec058788ef
- SHA512
  
  82cc64c76eb7eb7b8437a622d5257db8f93667387ebf5ada526e6d17c419e6811e8111c54446d0e786bcb804ffda1155f7744241dfb60c4b06101bfb24bb6511
- SSDEEP
  
  3072:AnJCUm5g8PncZfSeawCZzLasT3UEvNv1zHR6DyBq09CHfte6pfrYRxT+fWvQfo:n9XPncUeaPv1zx6Dys09WfwoPt
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan