smokeloader | f6b82780bcfcb6416dc5fedcf029b38036658a5a8a4bc1d2ea2bc0858d4368ec | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f6b82780bcfcb6416dc5fedcf029b38036658a5a8a4bc1d2ea2bc0858d4368ec
Size

257KB
Sample

230422-jq3q7sfd4y
MD5

5b9704ac5bbd7bb851b4f9d1df1a9655
SHA1

01da33c000216230feb47ff0d34bcc113babfd1a
SHA256

f6b82780bcfcb6416dc5fedcf029b38036658a5a8a4bc1d2ea2bc0858d4368ec
SHA512

d690c24337d366140cba3e42ca2142d9647c1ff92f7dc2525889324bf8eef8df6baf6a174a739a0e96ba666ef69d032dca948132d5f23856bab1dcc681facc25
SSDEEP

3072:ipSGxvYbFgsD/k56AMW4DlVqsScSC2ahqKTR7CvI4hqY5NK5XZ8VFN7sqiV:iUGxdsD85cW4DTzt7hq4xCzqY5+Z8Kb

Score

10^/10

smokeloader pu10 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pu10

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  f6b82780bcfcb6416dc5fedcf029b38036658a5a8a4bc1d2ea2bc0858d4368ec
- Size
  
  257KB
- MD5
  
  5b9704ac5bbd7bb851b4f9d1df1a9655
- SHA1
  
  01da33c000216230feb47ff0d34bcc113babfd1a
- SHA256
  
  f6b82780bcfcb6416dc5fedcf029b38036658a5a8a4bc1d2ea2bc0858d4368ec
- SHA512
  
  d690c24337d366140cba3e42ca2142d9647c1ff92f7dc2525889324bf8eef8df6baf6a174a739a0e96ba666ef69d032dca948132d5f23856bab1dcc681facc25
- SSDEEP
  
  3072:ipSGxvYbFgsD/k56AMW4DlVqsScSC2ahqKTR7CvI4hqY5NK5XZ8VFN7sqiV:iUGxdsD85cW4DTzt7hq4xCzqY5+Z8Kb
Score

10^/10

smokeloader pu10 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpu10backdoortrojan