smokeloader | b622a516afd5b69e7586e2ba3efd4b1f9789e6e379d434228b45bf03d4010330 | Triage

Sharing

General

Target

setup.exe
Size

223KB
Sample

230331-baytbahd3x
MD5

3276272e8d6180106095d253030a3fdb
SHA1

a5702e01f18c6ab8a7576e24b01d448f50f14469
SHA256

b622a516afd5b69e7586e2ba3efd4b1f9789e6e379d434228b45bf03d4010330
SHA512

0436b6895c7e338e4ee53a8461555b6f43faaaa23322451abfbd14917de37ed5aff862f422e7b84d0b7a1b56abb5c4a5d346d79e49d8f8ad51a45606f7890a9f
SSDEEP

3072:ab9NWXQKmTKiXYdjh5tql9pPkgDpHQetlb0HMTIwDGCGOmRLaoJKc3iSS80:L1ORXYGxdHQAgHmxDGClm9Kq

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  setup.exe
- Size
  
  223KB
- MD5
  
  3276272e8d6180106095d253030a3fdb
- SHA1
  
  a5702e01f18c6ab8a7576e24b01d448f50f14469
- SHA256
  
  b622a516afd5b69e7586e2ba3efd4b1f9789e6e379d434228b45bf03d4010330
- SHA512
  
  0436b6895c7e338e4ee53a8461555b6f43faaaa23322451abfbd14917de37ed5aff862f422e7b84d0b7a1b56abb5c4a5d346d79e49d8f8ad51a45606f7890a9f
- SSDEEP
  
  3072:ab9NWXQKmTKiXYdjh5tql9pPkgDpHQetlb0HMTIwDGCGOmRLaoJKc3iSS80:L1ORXYGxdHQAgHmxDGClm9Kq
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan

behavioral2

smokeloaderlabbackdoortrojan