smokeloader | 6e84c127463808d6cfc4b3f5aa6cfb3cd523398b7be1154b0cef9054aee344dd | Triage

Sharing

General

Target

6e84c127463808d6cfc4b3f5aa6cfb3cd523398b7be1154b0cef9054aee344dd
Size

223KB
Sample

230329-cnpm8sed53
MD5

cf5ff086a90dfe58e1a7e37c4a08c793
SHA1

832b1e6183bddbda406b540a7881c2b24b47c72c
SHA256

6e84c127463808d6cfc4b3f5aa6cfb3cd523398b7be1154b0cef9054aee344dd
SHA512

3c67dfa07aaaf1de5f08b68b2f06dd5340e61d5fe24ae0af58b17b1269b2b154711672400c074c9696cf6dfb437841cf51e89288c47265a5fe61f44bb14a1717
SSDEEP

3072:mXjdnwJKHdF08owlTZtyzsYM0jymFLp+1us8duEuNygY:YNvQ8P3OO1ustEu

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  6e84c127463808d6cfc4b3f5aa6cfb3cd523398b7be1154b0cef9054aee344dd
- Size
  
  223KB
- MD5
  
  cf5ff086a90dfe58e1a7e37c4a08c793
- SHA1
  
  832b1e6183bddbda406b540a7881c2b24b47c72c
- SHA256
  
  6e84c127463808d6cfc4b3f5aa6cfb3cd523398b7be1154b0cef9054aee344dd
- SHA512
  
  3c67dfa07aaaf1de5f08b68b2f06dd5340e61d5fe24ae0af58b17b1269b2b154711672400c074c9696cf6dfb437841cf51e89288c47265a5fe61f44bb14a1717
- SSDEEP
  
  3072:mXjdnwJKHdF08owlTZtyzsYM0jymFLp+1us8duEuNygY:YNvQ8P3OO1ustEu
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan