smokeloader | b44a7e50b5d3f6587ee0abbb8c5d2acc81d41c7cd5c2d8939893ad068a4f9dc9 | Triage

Sharing

General

Target

b44a7e50b5d3f6587ee0abbb8c5d2acc81d41c7cd5c2d8939893ad068a4f9dc9
Size

351KB
Sample

230415-jn54jsdd87
MD5

512a8cf28f23b7833e490b5f3dc6b334
SHA1

3c971aba342e5a93e86828d3cef456bede6ea24c
SHA256

b44a7e50b5d3f6587ee0abbb8c5d2acc81d41c7cd5c2d8939893ad068a4f9dc9
SHA512

e9b6abaa6893e0c0c59709a037052458e16e39a520a6d60ab4130a1e5c7b7a0214be9384ba8e296c0898af2b27a22992e5861a469a384726b792f52f645c0896
SSDEEP

3072:FarCAwRhzkWlIUm47TjgSkyHecsP5wT2GAr9jbuk3rj4tDPzNUj+zb2O0n/U/2SY:sr8RkcXmmrkypyR0k3HyP5ljTi

Score

10^/10

smokeloader pu10 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pu10

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  b44a7e50b5d3f6587ee0abbb8c5d2acc81d41c7cd5c2d8939893ad068a4f9dc9
- Size
  
  351KB
- MD5
  
  512a8cf28f23b7833e490b5f3dc6b334
- SHA1
  
  3c971aba342e5a93e86828d3cef456bede6ea24c
- SHA256
  
  b44a7e50b5d3f6587ee0abbb8c5d2acc81d41c7cd5c2d8939893ad068a4f9dc9
- SHA512
  
  e9b6abaa6893e0c0c59709a037052458e16e39a520a6d60ab4130a1e5c7b7a0214be9384ba8e296c0898af2b27a22992e5861a469a384726b792f52f645c0896
- SSDEEP
  
  3072:FarCAwRhzkWlIUm47TjgSkyHecsP5wT2GAr9jbuk3rj4tDPzNUj+zb2O0n/U/2SY:sr8RkcXmmrkypyR0k3HyP5ljTi
Score

10^/10

smokeloader pu10 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpu10backdoortrojan