smokeloader | 8a9a945c25f37431a6ee971ea9bb4b71dcc000a73d7b41f50973bf20bb198ab3 | Triage

Sharing

General

Target

8a9a945c25f37431a6ee971ea9bb4b71dcc000a73d7b41f50973bf20bb198ab3
Size

350KB
Sample

230414-3agnkscc76
MD5

b148500e29c734f5e2bb8b6acabbc69c
SHA1

d6de03a5eac546f17a10112fc1040be174eee24e
SHA256

8a9a945c25f37431a6ee971ea9bb4b71dcc000a73d7b41f50973bf20bb198ab3
SHA512

1163b6627bc769c64f45d0bb9bf3e9e42f94098283ef0763fbbf306e50ab733cb1453c1e2d3634c613f161f45072c394fe9405c12145dc6016729909aae48eac
SSDEEP

6144:WuN18W8VENBSwEnm4PBxctsuxvE1E76HPWzhgTXgxi:WusWg8SwEnm4ZxcFvqHeKDd

Score

10^/10

smokeloader pu10 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pu10

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  8a9a945c25f37431a6ee971ea9bb4b71dcc000a73d7b41f50973bf20bb198ab3
- Size
  
  350KB
- MD5
  
  b148500e29c734f5e2bb8b6acabbc69c
- SHA1
  
  d6de03a5eac546f17a10112fc1040be174eee24e
- SHA256
  
  8a9a945c25f37431a6ee971ea9bb4b71dcc000a73d7b41f50973bf20bb198ab3
- SHA512
  
  1163b6627bc769c64f45d0bb9bf3e9e42f94098283ef0763fbbf306e50ab733cb1453c1e2d3634c613f161f45072c394fe9405c12145dc6016729909aae48eac
- SSDEEP
  
  6144:WuN18W8VENBSwEnm4PBxctsuxvE1E76HPWzhgTXgxi:WusWg8SwEnm4ZxcFvqHeKDd
Score

10^/10

smokeloader pu10 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpu10backdoortrojan