smokeloader | 6e54fbf62b6fbb76044df70160fff85fcfa852b52d6be07e224f56206034ae52 | Triage

Sharing

General

Target

6e54fbf62b6fbb76044df70160fff85fcfa852b52d6be07e224f56206034ae52
Size

212KB
Sample

230417-zvtl4aga82
MD5

f87db625aa500e04ef59e2034aa1075c
SHA1

8bcba86adf3983defa1c9801aaa5afd97cbc9a93
SHA256

6e54fbf62b6fbb76044df70160fff85fcfa852b52d6be07e224f56206034ae52
SHA512

2edd83ffa195f1f17cd96688fd5db4ce6f5dd3f6fc80375a2da044e6886c777bef74c6b551b4a6f17ad20b171a227dd04b1056a057138dbc9e8e2b9ed5a237da
SSDEEP

3072:LGsKWnRhxH06rKa/gK46gW2ue3CBFpu3KSfCdTrJcK5VBnI7iMW:tRhxn2SgW27CBF4jIC+a7iM

Score

10^/10

smokeloader pu10 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pu10

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  6e54fbf62b6fbb76044df70160fff85fcfa852b52d6be07e224f56206034ae52
- Size
  
  212KB
- MD5
  
  f87db625aa500e04ef59e2034aa1075c
- SHA1
  
  8bcba86adf3983defa1c9801aaa5afd97cbc9a93
- SHA256
  
  6e54fbf62b6fbb76044df70160fff85fcfa852b52d6be07e224f56206034ae52
- SHA512
  
  2edd83ffa195f1f17cd96688fd5db4ce6f5dd3f6fc80375a2da044e6886c777bef74c6b551b4a6f17ad20b171a227dd04b1056a057138dbc9e8e2b9ed5a237da
- SSDEEP
  
  3072:LGsKWnRhxH06rKa/gK46gW2ue3CBFpu3KSfCdTrJcK5VBnI7iMW:tRhxn2SgW27CBF4jIC+a7iM
Score

10^/10

smokeloader pu10 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpu10backdoortrojan