smokeloader | e948d819098a535a287e480031682ef52dfd0a3b4d53778b49d73f362409c8aa | Triage

Sharing

General

Target

e948d819098a535a287e480031682ef52dfd0a3b4d53778b49d73f362409c8aa
Size

250KB
Sample

230331-hn3gzsac2v
MD5

9940c2ab467873062bae14960469b7dd
SHA1

8a253e9de5d2daa699f0d7e0673d2f6dc480b4a0
SHA256

e948d819098a535a287e480031682ef52dfd0a3b4d53778b49d73f362409c8aa
SHA512

2ad6a4a99c7b05212e64c843027f946cd59ee26f02cc1b0e4655d9ecf88b7de70ffe9557291cbedd6d2a4f90b5e830e7ad91d4758aaf80128ee243930c66b6b9
SSDEEP

3072:wGA/Fn5TF+pt8XcfsRmXBOXRMN2iYWdrZr8Cr/+Sl73Mq4KvKKKFpxwH+v:whB5T0Acfmh6fYjK//3MfKKee

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  e948d819098a535a287e480031682ef52dfd0a3b4d53778b49d73f362409c8aa
- Size
  
  250KB
- MD5
  
  9940c2ab467873062bae14960469b7dd
- SHA1
  
  8a253e9de5d2daa699f0d7e0673d2f6dc480b4a0
- SHA256
  
  e948d819098a535a287e480031682ef52dfd0a3b4d53778b49d73f362409c8aa
- SHA512
  
  2ad6a4a99c7b05212e64c843027f946cd59ee26f02cc1b0e4655d9ecf88b7de70ffe9557291cbedd6d2a4f90b5e830e7ad91d4758aaf80128ee243930c66b6b9
- SSDEEP
  
  3072:wGA/Fn5TF+pt8XcfsRmXBOXRMN2iYWdrZr8Cr/+Sl73Mq4KvKKKFpxwH+v:whB5T0Acfmh6fYjK//3MfKKee
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan