smokeloader | e21c34c148a77f2c077f5a00b98b86efa09d8cc91c238ad0241b29cd2e1ca47b | Triage

Sharing

General

Target

e21c34c148a77f2c077f5a00b98b86efa09d8cc91c238ad0241b29cd2e1ca47b
Size

352KB
Sample

230412-sm57lada92
MD5

79b75f9ac53ce775917bb8701646a333
SHA1

a84f0e0fcf1b768fa13cb856c44a69432f1aa585
SHA256

e21c34c148a77f2c077f5a00b98b86efa09d8cc91c238ad0241b29cd2e1ca47b
SHA512

24c90a3146970cd4f2af6c50a715301f99b08fea4519e99d845610f3bf9e230c014e42942d602f62b35ca521e5c980b61576e66e0eeccb2e6a712d52cd8dd98b
SSDEEP

6144:ADYrWJ77EbY7x822+F50CwA+ES81XzlCV+E:AD3J7+ix82jFO3PDOCVr

Score

10^/10

smokeloader pub1 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  e21c34c148a77f2c077f5a00b98b86efa09d8cc91c238ad0241b29cd2e1ca47b
- Size
  
  352KB
- MD5
  
  79b75f9ac53ce775917bb8701646a333
- SHA1
  
  a84f0e0fcf1b768fa13cb856c44a69432f1aa585
- SHA256
  
  e21c34c148a77f2c077f5a00b98b86efa09d8cc91c238ad0241b29cd2e1ca47b
- SHA512
  
  24c90a3146970cd4f2af6c50a715301f99b08fea4519e99d845610f3bf9e230c014e42942d602f62b35ca521e5c980b61576e66e0eeccb2e6a712d52cd8dd98b
- SSDEEP
  
  6144:ADYrWJ77EbY7x822+F50CwA+ES81XzlCV+E:AD3J7+ix82jFO3PDOCVr
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan