smokeloader | 28eeba65787422e3bde080d3874913f0463496763405007e05725ff636903838 | Triage

Sharing

General

Target

28eeba65787422e3bde080d3874913f0463496763405007e05725ff636903838
Size

224KB
Sample

230330-hrr6esbd25
MD5

27f18348b5f439bbf093145f585f4501
SHA1

6f2c336a3348282add6c29da5010ba895eb690fa
SHA256

28eeba65787422e3bde080d3874913f0463496763405007e05725ff636903838
SHA512

7d851c5d37cd995d69d310ef44176578e5baef2f3eab559b9a0566a57a2c81852904cc84be0f3eac22fecb76743f0480efed61b78bf76731f3ee05a9c193a8d8
SSDEEP

3072:rp8RbozBV8qyWg6SlTUbC4vtpQJ+BH4BR90VbSTiFEuPM5sRzITsA:rMcn8D36SW4+BER2VmTiSuaM

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  28eeba65787422e3bde080d3874913f0463496763405007e05725ff636903838
- Size
  
  224KB
- MD5
  
  27f18348b5f439bbf093145f585f4501
- SHA1
  
  6f2c336a3348282add6c29da5010ba895eb690fa
- SHA256
  
  28eeba65787422e3bde080d3874913f0463496763405007e05725ff636903838
- SHA512
  
  7d851c5d37cd995d69d310ef44176578e5baef2f3eab559b9a0566a57a2c81852904cc84be0f3eac22fecb76743f0480efed61b78bf76731f3ee05a9c193a8d8
- SSDEEP
  
  3072:rp8RbozBV8qyWg6SlTUbC4vtpQJ+BH4BR90VbSTiFEuPM5sRzITsA:rMcn8D36SW4+BER2VmTiSuaM
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan