smokeloader | a9b20722330d3f857864c523f2f6932764921cf043ac96142a221dec3ed5e19d | Triage

Sharing

General

Target

a9b20722330d3f857864c523f2f6932764921cf043ac96142a221dec3ed5e19d
Size

246KB
Sample

230329-h3lg1sfb95
MD5

dc7832f10b35021079f42933b55255e2
SHA1

cc7300d0c450c19b87bfae80452fdf8fb82982dc
SHA256

a9b20722330d3f857864c523f2f6932764921cf043ac96142a221dec3ed5e19d
SHA512

5fe4447ab42863806eefbca0a8e1a04cedb98f0ae4dbf2e00951d1d07f84f54b123591aec9d494a178023346187d438762f35a00cfc754ea64086b7b1b4a54e2
SSDEEP

3072:H2HtVZKaLxHntg7XeVjj9bGgZmq+DHDD1STI3XdrSFhpJh5Tz3V:At2aLxHqXeVjpbGcmqSHDD1OmN4p9z

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  a9b20722330d3f857864c523f2f6932764921cf043ac96142a221dec3ed5e19d
- Size
  
  246KB
- MD5
  
  dc7832f10b35021079f42933b55255e2
- SHA1
  
  cc7300d0c450c19b87bfae80452fdf8fb82982dc
- SHA256
  
  a9b20722330d3f857864c523f2f6932764921cf043ac96142a221dec3ed5e19d
- SHA512
  
  5fe4447ab42863806eefbca0a8e1a04cedb98f0ae4dbf2e00951d1d07f84f54b123591aec9d494a178023346187d438762f35a00cfc754ea64086b7b1b4a54e2
- SSDEEP
  
  3072:H2HtVZKaLxHntg7XeVjj9bGgZmq+DHDD1STI3XdrSFhpJh5Tz3V:At2aLxHqXeVjpbGcmqSHDD1OmN4p9z
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan