smokeloader | 3ab32e83edff2c036e45303bce991277e6b092a5e4061de50a49ea0b992b478b | Triage

Sharing

General

Target

d114d458c6c4e36ec866be333027110a.bin
Size

165KB
Sample

230329-b5mpjaga41
MD5

1e21895c231e4ce123ab8b3e8ce400b0
SHA1

1e2c40baac20f6d6ef2b0ce17b99dd5af8fa63a3
SHA256

3ab32e83edff2c036e45303bce991277e6b092a5e4061de50a49ea0b992b478b
SHA512

cb7ab8705793f268152957db2b056db6b4b22c786786d3918a9a8fee5e0189e4931c437ef866321e75acfbe9d9017982a1dd3a87db21a8baa467851916e63175
SSDEEP

3072:oeCbQjBEgXardt/mAta0xZTtdb0mXWIvyszzLMAVV+BHCFYHDU+e5lJHK9FF:oLbBgXmd/g0jTtbrajiV+EODwJHK9/

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  0b2760e66b0860dec87a83211ad1475ccac91ad20f1ee528f09d467b99079049.exe
- Size
  
  251KB
- MD5
  
  d114d458c6c4e36ec866be333027110a
- SHA1
  
  950c6e1301afaefbcf1913ef856f39de4f42335c
- SHA256
  
  0b2760e66b0860dec87a83211ad1475ccac91ad20f1ee528f09d467b99079049
- SHA512
  
  a560e73fbe618b14e03c4b4e54a716b63e374be6590925f5a860ba42bee4ce80147cee89fa45f3fcee78417951fbab05a1bff86b6bec3a40f9d1f8de194c8507
- SSDEEP
  
  6144:37qMKmkzLj/dohNFNeHFiGUw6oHOCTUnQWQENL:rUmkzf/SbFkl7jAHQ
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan

behavioral2

smokeloaderlabbackdoortrojan