smokeloader | 60b07a445998f1d5e90714ac1404b306cfdc9aa1be2d8616595a9e696d15a639 | Triage

Sharing

General

Target

60b07a445998f1d5e90714ac1404b306cfdc9aa1be2d8616595a9e696d15a639
Size

250KB
Sample

230331-e9eq9shh8x
MD5

933dc3211d2dd2a883c823ee0ee66b0c
SHA1

35b71cbb5f192b9affa65e99417732e523956bce
SHA256

60b07a445998f1d5e90714ac1404b306cfdc9aa1be2d8616595a9e696d15a639
SHA512

716525fea8437cf9b35107139a791b39486eea8143cfd20420ef823da55261afe096c54b819940d11f0bcb51d1e233d64c1bdc1c7d5ea80c15c5f8f5de1ed791
SSDEEP

3072:bReS2RFEzt8XRqvRRWRO9Z1VAD4dv79ttFY5UVPIwOySHpxw1E0a+v:p2RuyRqh3ZLFYu1IwuMWw

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  60b07a445998f1d5e90714ac1404b306cfdc9aa1be2d8616595a9e696d15a639
- Size
  
  250KB
- MD5
  
  933dc3211d2dd2a883c823ee0ee66b0c
- SHA1
  
  35b71cbb5f192b9affa65e99417732e523956bce
- SHA256
  
  60b07a445998f1d5e90714ac1404b306cfdc9aa1be2d8616595a9e696d15a639
- SHA512
  
  716525fea8437cf9b35107139a791b39486eea8143cfd20420ef823da55261afe096c54b819940d11f0bcb51d1e233d64c1bdc1c7d5ea80c15c5f8f5de1ed791
- SSDEEP
  
  3072:bReS2RFEzt8XRqvRRWRO9Z1VAD4dv79ttFY5UVPIwOySHpxw1E0a+v:p2RuyRqh3ZLFYu1IwuMWw
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan