smokeloader | 6fe0e6074dc694d8876f9ed524f013394611595ba241acbe044df148a852e776 | Triage

Sharing

General

Target

6fe0e6074dc694d8876f9ed524f013394611595ba241acbe044df148a852e776
Size

245KB
Sample

230329-fqrr6aeg84
MD5

ceb6bfd7b50cc461e49f92ea8ea7eb1c
SHA1

c50682d04b879cc534e9900ace6eb2fc9aa9bb05
SHA256

6fe0e6074dc694d8876f9ed524f013394611595ba241acbe044df148a852e776
SHA512

a47ae23a88360081a1bc67128354be9f72a4c446605534b0945036de30e782d60384c0d4b531842ca37a545c2d2ced5ea66e6ca225f27dbf95cece4642dd308d
SSDEEP

3072:RDmD+b10L/Hn507DJhqzDNX/d4xR3z3FshGXcIqeJ2TGh5T7pqNly0:0DA0L/HSDJ0zDNFiRfRqeJwu7pqNly

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  6fe0e6074dc694d8876f9ed524f013394611595ba241acbe044df148a852e776
- Size
  
  245KB
- MD5
  
  ceb6bfd7b50cc461e49f92ea8ea7eb1c
- SHA1
  
  c50682d04b879cc534e9900ace6eb2fc9aa9bb05
- SHA256
  
  6fe0e6074dc694d8876f9ed524f013394611595ba241acbe044df148a852e776
- SHA512
  
  a47ae23a88360081a1bc67128354be9f72a4c446605534b0945036de30e782d60384c0d4b531842ca37a545c2d2ced5ea66e6ca225f27dbf95cece4642dd308d
- SSDEEP
  
  3072:RDmD+b10L/Hn507DJhqzDNX/d4xR3z3FshGXcIqeJ2TGh5T7pqNly0:0DA0L/HSDJ0zDNFiRfRqeJwu7pqNly
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan