smokeloader | 18995e846a35119d96ee0289476a954d486d82e17c4feff5a84a20d8f229b8eb | Triage

Sharing

General

Target

setup.exe
Size

249KB
Sample

230401-cdt5zafc45
MD5

fee6d51c443d167ee734db48cffa4278
SHA1

e5f36e47864c013d08bb193ebb591ec6fa4344a6
SHA256

18995e846a35119d96ee0289476a954d486d82e17c4feff5a84a20d8f229b8eb
SHA512

2b9d70ba2b6f2a23df73aa2eb81134603f64c9469314340cc5edbf4e1849b18844fe0094e6f622e8d1979820ff2051541afe1c2071da98285ff22a80702203b9
SSDEEP

6144:1eKRglMJNUUFp7qpi1VNmgMG5cuPMth232+:4lMDUUFk06G5c7k2+

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  setup.exe
- Size
  
  249KB
- MD5
  
  fee6d51c443d167ee734db48cffa4278
- SHA1
  
  e5f36e47864c013d08bb193ebb591ec6fa4344a6
- SHA256
  
  18995e846a35119d96ee0289476a954d486d82e17c4feff5a84a20d8f229b8eb
- SHA512
  
  2b9d70ba2b6f2a23df73aa2eb81134603f64c9469314340cc5edbf4e1849b18844fe0094e6f622e8d1979820ff2051541afe1c2071da98285ff22a80702203b9
- SSDEEP
  
  6144:1eKRglMJNUUFp7qpi1VNmgMG5cuPMth232+:4lMDUUFk06G5c7k2+
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan

behavioral2

smokeloaderlabbackdoortrojan