smokeloader | de3b1d992fb5ca90b7402298d5011c88df5773ad655ff5686f619d4c1da82445 | Triage

Sharing

General

Target

setup.exe
Size

294KB
Sample

230329-b4865sec64
MD5

eb4f74a0a8bd4030a4d16f021f739abb
SHA1

6df8f1d2bdd7b3dd3cc17a86ed59a3513b08ca7a
SHA256

de3b1d992fb5ca90b7402298d5011c88df5773ad655ff5686f619d4c1da82445
SHA512

40369c3946de9265d8cad01d58cd7e43ed031be9ce639d379e01020e42326c669802eec0d6ff8f6470e3baf30350aa2b5d9e3fe1f1cb9b73e451e087e1925244
SSDEEP

3072:fu8/Com8MPO2PRJ0L434TgdsFTzf2J1dm2dQg1e6CbmItJTgWvQfo:R/cPxJJ0zTz01dlzU6CCIq

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  setup.exe
- Size
  
  294KB
- MD5
  
  eb4f74a0a8bd4030a4d16f021f739abb
- SHA1
  
  6df8f1d2bdd7b3dd3cc17a86ed59a3513b08ca7a
- SHA256
  
  de3b1d992fb5ca90b7402298d5011c88df5773ad655ff5686f619d4c1da82445
- SHA512
  
  40369c3946de9265d8cad01d58cd7e43ed031be9ce639d379e01020e42326c669802eec0d6ff8f6470e3baf30350aa2b5d9e3fe1f1cb9b73e451e087e1925244
- SSDEEP
  
  3072:fu8/Com8MPO2PRJ0L434TgdsFTzf2J1dm2dQg1e6CbmItJTgWvQfo:R/cPxJJ0zTz01dlzU6CCIq
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan

behavioral2

smokeloaderlabbackdoortrojan