smokeloader | 05594b7982e9ef176652ab924c6e34f681b4218bc8ded77f1787853cc0795ed7 | Triage

Sharing

General

Target

dc2b29d266ff6b61177109be6c45a9e8.bin
Size

141KB
Sample

230411-b2jtgahg83
MD5

df0314d90735734f670e97ca6fa1cfce
SHA1

62758df0526bbeab2c6d5ca3e8ebfcdc937ef30e
SHA256

05594b7982e9ef176652ab924c6e34f681b4218bc8ded77f1787853cc0795ed7
SHA512

0c4920f492be062f7f59d6e9fc216beb929c9773c0bf41df59fd00c8a8c38ce084254a17537b8d0630aeb609dab1db6ae4be45dd739e245128a538cc1e1b36d6
SSDEEP

3072:JfB8zhF11nZABu7b2NaZfSrzl7VII+9EITdRFP4KubmDeyRlTlQWvEf:x8hF1OuOQarz3Ip9FTPFnW4eyRFlQWK

Score

10^/10

smokeloader pub2 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  a7d879db0eb780f7c985e88537921f05e942739af8bb1a4903c96890d52f860d.exe
- Size
  
  202KB
- MD5
  
  dc2b29d266ff6b61177109be6c45a9e8
- SHA1
  
  9fa94c33eea1ba317933ec84d338e176843748f9
- SHA256
  
  a7d879db0eb780f7c985e88537921f05e942739af8bb1a4903c96890d52f860d
- SHA512
  
  17381dacbe21b5517026b348835c477a1399c6cd1bf2d29d9d91bc77cf318f1166e46bda9ea6273607dc33cfe9c765afb4151a271e2c663fa8f6779c4062d3e4
- SSDEEP
  
  3072:YRm4owMuuJHNqlzWrJoIRHA96Aplm5OmDR:IjQlZOzspghB
Score

10^/10

smokeloader pub2 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub2backdoortrojan

behavioral2

smokeloaderpub2backdoortrojan