smokeloader | de3b1d992fb5ca90b7402298d5011c88df5773ad655ff5686f619d4c1da82445 | Triage

Sharing

General

Target

de3b1d992fb5ca90b7402298d5011c88df5773ad655ff5686f619d4c1da82445
Size

294KB
Sample

230328-zcjzyaeh8y
MD5

eb4f74a0a8bd4030a4d16f021f739abb
SHA1

6df8f1d2bdd7b3dd3cc17a86ed59a3513b08ca7a
SHA256

de3b1d992fb5ca90b7402298d5011c88df5773ad655ff5686f619d4c1da82445
SHA512

40369c3946de9265d8cad01d58cd7e43ed031be9ce639d379e01020e42326c669802eec0d6ff8f6470e3baf30350aa2b5d9e3fe1f1cb9b73e451e087e1925244
SSDEEP

3072:fu8/Com8MPO2PRJ0L434TgdsFTzf2J1dm2dQg1e6CbmItJTgWvQfo:R/cPxJJ0zTz01dlzU6CCIq

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  de3b1d992fb5ca90b7402298d5011c88df5773ad655ff5686f619d4c1da82445
- Size
  
  294KB
- MD5
  
  eb4f74a0a8bd4030a4d16f021f739abb
- SHA1
  
  6df8f1d2bdd7b3dd3cc17a86ed59a3513b08ca7a
- SHA256
  
  de3b1d992fb5ca90b7402298d5011c88df5773ad655ff5686f619d4c1da82445
- SHA512
  
  40369c3946de9265d8cad01d58cd7e43ed031be9ce639d379e01020e42326c669802eec0d6ff8f6470e3baf30350aa2b5d9e3fe1f1cb9b73e451e087e1925244
- SSDEEP
  
  3072:fu8/Com8MPO2PRJ0L434TgdsFTzf2J1dm2dQg1e6CbmItJTgWvQfo:R/cPxJJ0zTz01dlzU6CCIq
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan