smokeloader | 7780027ffe04f23af940824b693e4bdfea9df5363d18afef36e2d08244e55dd5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7780027ffe04f23af940824b693e4bdfea9df5363d18afef36e2d08244e55dd5
Size

217KB
Sample

230331-xyhb5aea8s
MD5

4270ab088c3f2ef45513afbe271f0a45
SHA1

aa13a689c3b11acb770a4bb03307bd0d3ec28940
SHA256

7780027ffe04f23af940824b693e4bdfea9df5363d18afef36e2d08244e55dd5
SHA512

1448b6ac1472b04182df2a7440658b7b7755a6a4a0130053d1f90cbafa3ec358c1636813f6c60b0972aeab1010c2a9e70365609d4fd2c229f37d511b99044a62
SSDEEP

3072:ZyyJncRzaa2xjf5xoR13uW6M+6UW5cVVst:08cl2xDYvuWsVVst

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  7780027ffe04f23af940824b693e4bdfea9df5363d18afef36e2d08244e55dd5
- Size
  
  217KB
- MD5
  
  4270ab088c3f2ef45513afbe271f0a45
- SHA1
  
  aa13a689c3b11acb770a4bb03307bd0d3ec28940
- SHA256
  
  7780027ffe04f23af940824b693e4bdfea9df5363d18afef36e2d08244e55dd5
- SHA512
  
  1448b6ac1472b04182df2a7440658b7b7755a6a4a0130053d1f90cbafa3ec358c1636813f6c60b0972aeab1010c2a9e70365609d4fd2c229f37d511b99044a62
- SSDEEP
  
  3072:ZyyJncRzaa2xjf5xoR13uW6M+6UW5cVVst:08cl2xDYvuWsVVst
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan