smokeloader | 99bc338b0bf8f4ca400f92cd2656ceec1b3c0bad6a0f54f5bbf9fdfe91fab0ed | Triage

Sharing

General

Target

99bc338b0bf8f4ca400f92cd2656ceec1b3c0bad6a0f54f5bbf9fdfe91fab0ed
Size

243KB
Sample

230422-nz75hagd5s
MD5

93b19244c22bd389fe04ad8c542acfa5
SHA1

9be0e89a1c25136e6875740cbdff6f1bdfb18bd4
SHA256

99bc338b0bf8f4ca400f92cd2656ceec1b3c0bad6a0f54f5bbf9fdfe91fab0ed
SHA512

eac94b9fd2d1684d04085a9e528c3e4e15a3793f408efc5aa60dbf548172b9db9831ce9619d15cc2ae82f3c1f418c947e3ffdae4c6f7e5f00d101c8fd5d04617
SSDEEP

3072:aSncrbtyr+OfLfZ9HO6rOIOKtn1DZnVvEri+34dAZ+e0nFQ53IHPmLr:7njr+OfLffeZKtn1FVvEhodAvIHe

Score

10^/10

smokeloader pu10 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pu10

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  99bc338b0bf8f4ca400f92cd2656ceec1b3c0bad6a0f54f5bbf9fdfe91fab0ed
- Size
  
  243KB
- MD5
  
  93b19244c22bd389fe04ad8c542acfa5
- SHA1
  
  9be0e89a1c25136e6875740cbdff6f1bdfb18bd4
- SHA256
  
  99bc338b0bf8f4ca400f92cd2656ceec1b3c0bad6a0f54f5bbf9fdfe91fab0ed
- SHA512
  
  eac94b9fd2d1684d04085a9e528c3e4e15a3793f408efc5aa60dbf548172b9db9831ce9619d15cc2ae82f3c1f418c947e3ffdae4c6f7e5f00d101c8fd5d04617
- SSDEEP
  
  3072:aSncrbtyr+OfLfZ9HO6rOIOKtn1DZnVvEri+34dAZ+e0nFQ53IHPmLr:7njr+OfLffeZKtn1FVvEhodAvIHe
Score

10^/10

smokeloader pu10 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpu10backdoortrojan