smokeloader | 65d0f98251d3fec8407452aea6c523f6cac7dd34d3bb141ddaec4a160d01dc68 | Triage

Sharing

General

Target

65d0f98251d3fec8407452aea6c523f6cac7dd34d3bb141ddaec4a160d01dc68
Size

275KB
Sample

230413-wxm1jsee7z
MD5

cd73c933d5d2e9198b39ce8c94be2162
SHA1

abca8c9ecc25ffc0472951031f0f362e59653fa5
SHA256

65d0f98251d3fec8407452aea6c523f6cac7dd34d3bb141ddaec4a160d01dc68
SHA512

d310c67c085ab352dddf37c134f76ac52b606161a5af500fd4fe7f220ce138132fc8e5724ad8db1e7398a5ac63bc80c96bd7d36a6beb1d3a24e020dc9ff96dcb
SSDEEP

3072:osglgaVb7nykPOlg4z9uJS7Bio9GzbsQK/ZPYDKCK9feogTgB50gb2J0nD:4glkPOldMJSVjUzbpEPYDDKALhgb2a

Score

10^/10

smokeloader pub1 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  65d0f98251d3fec8407452aea6c523f6cac7dd34d3bb141ddaec4a160d01dc68
- Size
  
  275KB
- MD5
  
  cd73c933d5d2e9198b39ce8c94be2162
- SHA1
  
  abca8c9ecc25ffc0472951031f0f362e59653fa5
- SHA256
  
  65d0f98251d3fec8407452aea6c523f6cac7dd34d3bb141ddaec4a160d01dc68
- SHA512
  
  d310c67c085ab352dddf37c134f76ac52b606161a5af500fd4fe7f220ce138132fc8e5724ad8db1e7398a5ac63bc80c96bd7d36a6beb1d3a24e020dc9ff96dcb
- SSDEEP
  
  3072:osglgaVb7nykPOlg4z9uJS7Bio9GzbsQK/ZPYDKCK9feogTgB50gb2J0nD:4glkPOldMJSVjUzbpEPYDDKALhgb2a
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan