smokeloader | a7c93ad768ca71ba422bf5e8771668b3c85450c0747ecdcdb8785a84a99b3548 | Triage

Sharing

General

Target

setup.exe
Size

296KB
Sample

230329-cbjw8aga8t
MD5

bdfa203e8e4e627fa880a19bcc47a608
SHA1

c638dfaf4ca653123139ae300a3ad2e5585294af
SHA256

a7c93ad768ca71ba422bf5e8771668b3c85450c0747ecdcdb8785a84a99b3548
SHA512

0df58c002fe95641b06058301ca656eb5311cbb0e86593e305d6fab84f89cb8dd467dd2ce8f052b83b8d5bc47ef4463fffa66a5e554e10202988b00c8d0a24ad
SSDEEP

3072:dxQZ4YEv4bVS2yJmhTeyMu3TAy6OPBXQ1Kpax6e0Ayhk4AndTOWvQfu:bvt4bVAmhN6gyxGAya4

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  setup.exe
- Size
  
  296KB
- MD5
  
  bdfa203e8e4e627fa880a19bcc47a608
- SHA1
  
  c638dfaf4ca653123139ae300a3ad2e5585294af
- SHA256
  
  a7c93ad768ca71ba422bf5e8771668b3c85450c0747ecdcdb8785a84a99b3548
- SHA512
  
  0df58c002fe95641b06058301ca656eb5311cbb0e86593e305d6fab84f89cb8dd467dd2ce8f052b83b8d5bc47ef4463fffa66a5e554e10202988b00c8d0a24ad
- SSDEEP
  
  3072:dxQZ4YEv4bVS2yJmhTeyMu3TAy6OPBXQ1Kpax6e0Ayhk4AndTOWvQfu:bvt4bVAmhN6gyxGAya4
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan

behavioral2

smokeloaderlabbackdoortrojan