smokeloader | 2925436a2f764bcc11374f66b86a3b93495c7a8949136b45d7fb99dc6c57db1f | Triage

Sharing

General

Target

2925436a2f764bcc11374f66b86a3b93495c7a8949136b45d7fb99dc6c57db1f
Size

260KB
Sample

230405-cbpsgadb4x
MD5

6d4983ad5a6158e5ebd5366286d4f3a6
SHA1

a75ebee6eef09ab526856a8d40ff731d99a27059
SHA256

2925436a2f764bcc11374f66b86a3b93495c7a8949136b45d7fb99dc6c57db1f
SHA512

e5301ef9b4951e1d7013125240eb7acf783b5489cafb4f7504afce6873394b2fb05bfc8f808db0272771348b7dbe17cc712672a52b1c83cf7e83297df5719203
SSDEEP

3072:IXgcJ9x5NGhbv6QWiyuaG3f3yHg0O3xlNwxAyLXNP+Y/Joz1VGlB9KUqaJSNn:wT9G8SRaGvCHg3byLXd/iDkgFaW

Score

10^/10

smokeloader pub1 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  2925436a2f764bcc11374f66b86a3b93495c7a8949136b45d7fb99dc6c57db1f
- Size
  
  260KB
- MD5
  
  6d4983ad5a6158e5ebd5366286d4f3a6
- SHA1
  
  a75ebee6eef09ab526856a8d40ff731d99a27059
- SHA256
  
  2925436a2f764bcc11374f66b86a3b93495c7a8949136b45d7fb99dc6c57db1f
- SHA512
  
  e5301ef9b4951e1d7013125240eb7acf783b5489cafb4f7504afce6873394b2fb05bfc8f808db0272771348b7dbe17cc712672a52b1c83cf7e83297df5719203
- SSDEEP
  
  3072:IXgcJ9x5NGhbv6QWiyuaG3f3yHg0O3xlNwxAyLXNP+Y/Joz1VGlB9KUqaJSNn:wT9G8SRaGvCHg3byLXd/iDkgFaW
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan