smokeloader | f134d845fc77d17d8c3d25722cfc7bf3941871fdc8dfc1a50a86a6f56e436e74 | Triage

Sharing

General

Target

f134d845fc77d17d8c3d25722cfc7bf3941871fdc8dfc1a50a86a6f56e436e74
Size

213KB
Sample

230412-b9hw5sae2t
MD5

1799c0e7844853c30dd5172fbb1f3cbb
SHA1

9549f1034d6fe5537f9f440a20da14b6b8b756c4
SHA256

f134d845fc77d17d8c3d25722cfc7bf3941871fdc8dfc1a50a86a6f56e436e74
SHA512

ec1f89d304337180414c5a6d0e9e606735bda1e94e01fed0f0758fe87832e18fea3b1c0c76c038a58b885053606d6a887f4d1df0888c2d67c2944e7bd0377deb
SSDEEP

3072:t1YUdO+XVPqSIun4Cmly1Jf4VKRF0gy1L+5t16G0RDX:rYUQ+kSIOcyzfr4tLK0G0l

Score

10^/10

smokeloader pub2 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  f134d845fc77d17d8c3d25722cfc7bf3941871fdc8dfc1a50a86a6f56e436e74
- Size
  
  213KB
- MD5
  
  1799c0e7844853c30dd5172fbb1f3cbb
- SHA1
  
  9549f1034d6fe5537f9f440a20da14b6b8b756c4
- SHA256
  
  f134d845fc77d17d8c3d25722cfc7bf3941871fdc8dfc1a50a86a6f56e436e74
- SHA512
  
  ec1f89d304337180414c5a6d0e9e606735bda1e94e01fed0f0758fe87832e18fea3b1c0c76c038a58b885053606d6a887f4d1df0888c2d67c2944e7bd0377deb
- SSDEEP
  
  3072:t1YUdO+XVPqSIun4Cmly1Jf4VKRF0gy1L+5t16G0RDX:rYUQ+kSIOcyzfr4tLK0G0l
Score

10^/10

smokeloader pub2 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub2backdoortrojan