smokeloader | 7ad99a0bba2b0c8f5b035911feac60503df8c8b8364ad54684579ebd7e8e4874 | Triage

Sharing

General

Target

7ad99a0bba2b0c8f5b035911feac60503df8c8b8364ad54684579ebd7e8e4874
Size

222KB
Sample

230329-d2rkesgc4s
MD5

b2dd2f9a1b9a85c1f98d8b128148a43e
SHA1

c9f199c592fa23063f19cf571820068b1d0b4c37
SHA256

7ad99a0bba2b0c8f5b035911feac60503df8c8b8364ad54684579ebd7e8e4874
SHA512

285584d5d5af8dc38ede7cd467e72858f4945bcbc7013b65155eca88d20c93245a23b16f54557d69e77793dcf3e9239cb0a9f2fae5e9bb70e7d820ccc5f98355
SSDEEP

3072:2saj92OTKP99y/0w8c6tyFlFh0ACzVnBgntkmyJAOXE//3vFKypmuEsY:mIv+/uNWCuy7A/vvFKuE

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  7ad99a0bba2b0c8f5b035911feac60503df8c8b8364ad54684579ebd7e8e4874
- Size
  
  222KB
- MD5
  
  b2dd2f9a1b9a85c1f98d8b128148a43e
- SHA1
  
  c9f199c592fa23063f19cf571820068b1d0b4c37
- SHA256
  
  7ad99a0bba2b0c8f5b035911feac60503df8c8b8364ad54684579ebd7e8e4874
- SHA512
  
  285584d5d5af8dc38ede7cd467e72858f4945bcbc7013b65155eca88d20c93245a23b16f54557d69e77793dcf3e9239cb0a9f2fae5e9bb70e7d820ccc5f98355
- SSDEEP
  
  3072:2saj92OTKP99y/0w8c6tyFlFh0ACzVnBgntkmyJAOXE//3vFKypmuEsY:mIv+/uNWCuy7A/vvFKuE
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan