smokeloader | 01e45abb29d308bb9402e7a7509bbd39fcf51fae5962fb40fcd13a04b6a87afd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

01e45abb29d308bb9402e7a7509bbd39fcf51fae5962fb40fcd13a04b6a87afd
Size

249KB
Sample

230330-actfyaca2t
MD5

363fe2a2f81e70d676809132e83c5320
SHA1

1a969aee5858b4196d08c684abf983944c8b0fb3
SHA256

01e45abb29d308bb9402e7a7509bbd39fcf51fae5962fb40fcd13a04b6a87afd
SHA512

fa60fa073b43de831973daf14edb350100b989f994de340984bfcf045faa8207e36314283541edd6ab55f0fb6f29ad6e4c799586c1bf124f7019ec42fcbd4058
SSDEEP

3072:Ib7i8FXgN8XvlsEILOoPnhoDyfaOoPAZN3Egr7lee3CB4dw4xAr:G+853vlsRLO4hEUaOoPkrrHvS

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  01e45abb29d308bb9402e7a7509bbd39fcf51fae5962fb40fcd13a04b6a87afd
- Size
  
  249KB
- MD5
  
  363fe2a2f81e70d676809132e83c5320
- SHA1
  
  1a969aee5858b4196d08c684abf983944c8b0fb3
- SHA256
  
  01e45abb29d308bb9402e7a7509bbd39fcf51fae5962fb40fcd13a04b6a87afd
- SHA512
  
  fa60fa073b43de831973daf14edb350100b989f994de340984bfcf045faa8207e36314283541edd6ab55f0fb6f29ad6e4c799586c1bf124f7019ec42fcbd4058
- SSDEEP
  
  3072:Ib7i8FXgN8XvlsEILOoPnhoDyfaOoPAZN3Egr7lee3CB4dw4xAr:G+853vlsRLO4hEUaOoPkrrHvS
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan