smokeloader | 93b702e01161fe01b735504ae6f1cad6b45e70910743197204b2d868c5720c2d | Triage

Sharing

General

Target

93b702e01161fe01b735504ae6f1cad6b45e70910743197204b2d868c5720c2d
Size

244KB
Sample

230329-qbav7sgd43
MD5

64db1020042ef00871bc85535b1c94db
SHA1

f79480fa7e697fcbc2369f22104ea1c61fde7213
SHA256

93b702e01161fe01b735504ae6f1cad6b45e70910743197204b2d868c5720c2d
SHA512

f72d719eb481de3e1527a8089bb13910003f051ece1f9d8dbcf1676be2ca11eef9d9cb6c24998a50939ca7769d6fe95ad38a03108dbed718e9da02c63654cb29
SSDEEP

3072:UuI80kg8jLMRL4EteF3ZH1Z1AqGil0dE8gFY+ual05f/qL9/:Y8KiLMdQF3JaqGilGEZOao/

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  93b702e01161fe01b735504ae6f1cad6b45e70910743197204b2d868c5720c2d
- Size
  
  244KB
- MD5
  
  64db1020042ef00871bc85535b1c94db
- SHA1
  
  f79480fa7e697fcbc2369f22104ea1c61fde7213
- SHA256
  
  93b702e01161fe01b735504ae6f1cad6b45e70910743197204b2d868c5720c2d
- SHA512
  
  f72d719eb481de3e1527a8089bb13910003f051ece1f9d8dbcf1676be2ca11eef9d9cb6c24998a50939ca7769d6fe95ad38a03108dbed718e9da02c63654cb29
- SSDEEP
  
  3072:UuI80kg8jLMRL4EteF3ZH1Z1AqGil0dE8gFY+ual05f/qL9/:Y8KiLMdQF3JaqGilGEZOao/
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan