smokeloader | 627cdf420cef9e1226a8138f2fcb2782a234dcca45bf5050f735d1309a1fe970 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

627cdf420cef9e1226a8138f2fcb2782a234dcca45bf5050f735d1309a1fe970
Size

351KB
Sample

230415-tv917aeg55
MD5

7dfe35f0c80679904145ceda0caf7781
SHA1

2486c97eef233c30cb8973dc7e551303402e47cb
SHA256

627cdf420cef9e1226a8138f2fcb2782a234dcca45bf5050f735d1309a1fe970
SHA512

88765b3e6d55de29af1fc3878ee2404faf2e38a7591c40fe86da0078ac359f68a3a7fe5f6d298d93ffb775a79043fbc5924ad907ad41400578e0cd23ce9535d8
SSDEEP

3072:tB85Cc85YwVButS8rZuc7icDaCHcwIlzXma1es11XpNVFigmWINwqB5cFXPl+OV9:X8vxwTOicS1/0sXX3jxmWYwhRPwe4

Score

10^/10

smokeloader pu10 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pu10

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  627cdf420cef9e1226a8138f2fcb2782a234dcca45bf5050f735d1309a1fe970
- Size
  
  351KB
- MD5
  
  7dfe35f0c80679904145ceda0caf7781
- SHA1
  
  2486c97eef233c30cb8973dc7e551303402e47cb
- SHA256
  
  627cdf420cef9e1226a8138f2fcb2782a234dcca45bf5050f735d1309a1fe970
- SHA512
  
  88765b3e6d55de29af1fc3878ee2404faf2e38a7591c40fe86da0078ac359f68a3a7fe5f6d298d93ffb775a79043fbc5924ad907ad41400578e0cd23ce9535d8
- SSDEEP
  
  3072:tB85Cc85YwVButS8rZuc7icDaCHcwIlzXma1es11XpNVFigmWINwqB5cFXPl+OV9:X8vxwTOicS1/0sXX3jxmWYwhRPwe4
Score

10^/10

smokeloader pu10 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpu10backdoortrojan