smokeloader | 4d2d7253f92fabcfd3adc2b0f112f8ddde14c0e94b88c603fe332b2e5d77cd00 | Triage

Sharing

General

Target

4d2d7253f92fabcfd3adc2b0f112f8ddde14c0e94b88c603fe332b2e5d77cd00
Size

250KB
Sample

230329-te8s7agh84
MD5

639376664335231a89d68e63a091cf23
SHA1

591946aa4917051b89305b73a981489fe3c43b47
SHA256

4d2d7253f92fabcfd3adc2b0f112f8ddde14c0e94b88c603fe332b2e5d77cd00
SHA512

aedac85f02b76cf5afe7784e3d5668fa821bb87c3c5f6fed73779090dbc865ad72f1b6588afee397ab28c84366da7eaa220977c2faab3cc597009d16b1b3a44d
SSDEEP

3072:F9NHUpV5g8XLj5bzLXG5FEELTPvaI4nh1/wbsHEvDxdoegx4cj:ZHUj9Lj53LXKzYnToIH4xdc

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  4d2d7253f92fabcfd3adc2b0f112f8ddde14c0e94b88c603fe332b2e5d77cd00
- Size
  
  250KB
- MD5
  
  639376664335231a89d68e63a091cf23
- SHA1
  
  591946aa4917051b89305b73a981489fe3c43b47
- SHA256
  
  4d2d7253f92fabcfd3adc2b0f112f8ddde14c0e94b88c603fe332b2e5d77cd00
- SHA512
  
  aedac85f02b76cf5afe7784e3d5668fa821bb87c3c5f6fed73779090dbc865ad72f1b6588afee397ab28c84366da7eaa220977c2faab3cc597009d16b1b3a44d
- SSDEEP
  
  3072:F9NHUpV5g8XLj5bzLXG5FEELTPvaI4nh1/wbsHEvDxdoegx4cj:ZHUj9Lj53LXKzYnToIH4xdc
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan