smokeloader | 19b5ead96c8443fa6850c70338ed28288ca2dec2a0ec34d5bab352f904f42408 | Triage

Sharing

General

Target

19b5ead96c8443fa6850c70338ed28288ca2dec2a0ec34d5bab352f904f42408
Size

249KB
Sample

230329-rad2xagf27
MD5

0f7adc41c556fb6d0d7156be5e1f055a
SHA1

5a76818e953aff4393b5cb783a4db02cb814baf0
SHA256

19b5ead96c8443fa6850c70338ed28288ca2dec2a0ec34d5bab352f904f42408
SHA512

82f562c1390328dbc6196b8b2cc1a556dd2940d0db953a01ac456242c0f8fedf16da3b88c857432b4335abd7b8984faa82f725f56c4f0c01d742644ebc8b599c
SSDEEP

3072:P3h0Rap5XY8XAfunQL9iUld9j5AiQW7Z6CzylxDr6v5KtX0QmFR3t48+Dh:CRaj7AfuQL9PHnV16COKv54mFR9+

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  19b5ead96c8443fa6850c70338ed28288ca2dec2a0ec34d5bab352f904f42408
- Size
  
  249KB
- MD5
  
  0f7adc41c556fb6d0d7156be5e1f055a
- SHA1
  
  5a76818e953aff4393b5cb783a4db02cb814baf0
- SHA256
  
  19b5ead96c8443fa6850c70338ed28288ca2dec2a0ec34d5bab352f904f42408
- SHA512
  
  82f562c1390328dbc6196b8b2cc1a556dd2940d0db953a01ac456242c0f8fedf16da3b88c857432b4335abd7b8984faa82f725f56c4f0c01d742644ebc8b599c
- SSDEEP
  
  3072:P3h0Rap5XY8XAfunQL9iUld9j5AiQW7Z6CzylxDr6v5KtX0QmFR3t48+Dh:CRaj7AfuQL9PHnV16COKv54mFR9+
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan