smokeloader | 4c39363cfee2114c3cf4e4ba7bb34266c8a1188a99ce7f7c2ee3ba0ddcefad3b | Triage

Sharing

General

Target

603e1c4b337563620dd3b0873efd2242.bin
Size

173KB
Sample

230329-bpg44seb93
MD5

d4705eba514d775dd2b51b675033942d
SHA1

55195ccc80b0b1e1af92be29b3fa2d8bc9a1f2d9
SHA256

4c39363cfee2114c3cf4e4ba7bb34266c8a1188a99ce7f7c2ee3ba0ddcefad3b
SHA512

f0d3601cf2b85e460a87fc71f71d86e1e34195c9eb195d1c5a27a00faa1e19df36c232536dabb66c11dd783a9c3b7953acf01e63caa899e36cf27beba79193a7
SSDEEP

3072:uetmHCCJYN9/H2v8DPw6xoWYCtadKkaVUBtotEXcicqXjhs/osvQz+vIQ5dwKI:ueciQYN9/D7ySBKciJe/rLvIWdwb

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  0efe59a8f13a80ac3ee5c71b2282972bd42d9e609afbff88d9bf8b9092743bd7.exe
- Size
  
  264KB
- MD5
  
  603e1c4b337563620dd3b0873efd2242
- SHA1
  
  f334f318213431b357aa7fab4a869f0d300ac079
- SHA256
  
  0efe59a8f13a80ac3ee5c71b2282972bd42d9e609afbff88d9bf8b9092743bd7
- SHA512
  
  e2791bd7c7476ecdad9d123274abf55bae7b88fb099fc7b6f438f6abfca415ed77719d908b748341034be7f74da789943e6906513ae96493d460301cb4099d4d
- SSDEEP
  
  3072:E3zCCRHyE0rYUXLHYLZ3zG9G6xHtPnBvsM+xUDzFQz1LlL5kYYCU3wsUf:EDz5yERUXL4Yzf2VkZ2oY
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan

behavioral2

smokeloaderlabbackdoortrojan