smokeloader | 2f9d309fb9e082963ee9dff9aa696628fbff8114752b3a2f70432291b1053398 | Triage

Sharing

General

Target

2f9d309fb9e082963ee9dff9aa696628fbff8114752b3a2f70432291b1053398
Size

233KB
Sample

230330-28e2zahb51
MD5

7d89a16c9a9878039cb1fd0c7aaa0b38
SHA1

491689eedc66b34fde6b1021363a3bf61e51f3f2
SHA256

2f9d309fb9e082963ee9dff9aa696628fbff8114752b3a2f70432291b1053398
SHA512

52654486f8f6f680bed07c2c896595f61e5ec309c8467e86117144c226d31f931558c1e245627657660aaede313d39cd35c4f1cd89fbf64ed963ac598170d028
SSDEEP

3072:1152R0snciCFk+tdjomsoHzbPxDCt4ftw5wydycpqTpgEgTVlYxrRAVLCfYPlzFp:v0bci+jock4ftw5wy4B1CTAtiEfqf

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  2f9d309fb9e082963ee9dff9aa696628fbff8114752b3a2f70432291b1053398
- Size
  
  233KB
- MD5
  
  7d89a16c9a9878039cb1fd0c7aaa0b38
- SHA1
  
  491689eedc66b34fde6b1021363a3bf61e51f3f2
- SHA256
  
  2f9d309fb9e082963ee9dff9aa696628fbff8114752b3a2f70432291b1053398
- SHA512
  
  52654486f8f6f680bed07c2c896595f61e5ec309c8467e86117144c226d31f931558c1e245627657660aaede313d39cd35c4f1cd89fbf64ed963ac598170d028
- SSDEEP
  
  3072:1152R0snciCFk+tdjomsoHzbPxDCt4ftw5wydycpqTpgEgTVlYxrRAVLCfYPlzFp:v0bci+jock4ftw5wy4B1CTAtiEfqf
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan