smokeloader | 59f96274277214aa26d4f8c9ce98b349c2ed85b615c1e8f6e44b779a76da5d2c | Triage

Sharing

General

Target

59f96274277214aa26d4f8c9ce98b349c2ed85b615c1e8f6e44b779a76da5d2c
Size

237KB
Sample

230423-z6t21ahe7y
MD5

afd171422de8d7defda8b07468d0ba81
SHA1

627bc061a665593ab6cdfea2ec00123b54d89604
SHA256

59f96274277214aa26d4f8c9ce98b349c2ed85b615c1e8f6e44b779a76da5d2c
SHA512

ac84057eb87c983f7726fa1f55879e58135195a29759b59585c108f238e674bc03c55f4352d7af535103849779ff63b281d70abb3c43fd5bfa9c56ea632cb422
SSDEEP

3072:JtKqVSzkIeT89o3HNw2bQAsXHnp0cvIXUpqc2VDNO54Qz3Nbs+tVeR:nrVmwK3Hp3vuc2bODE

Score

10^/10

smokeloader pu10 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pu10

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  59f96274277214aa26d4f8c9ce98b349c2ed85b615c1e8f6e44b779a76da5d2c
- Size
  
  237KB
- MD5
  
  afd171422de8d7defda8b07468d0ba81
- SHA1
  
  627bc061a665593ab6cdfea2ec00123b54d89604
- SHA256
  
  59f96274277214aa26d4f8c9ce98b349c2ed85b615c1e8f6e44b779a76da5d2c
- SHA512
  
  ac84057eb87c983f7726fa1f55879e58135195a29759b59585c108f238e674bc03c55f4352d7af535103849779ff63b281d70abb3c43fd5bfa9c56ea632cb422
- SSDEEP
  
  3072:JtKqVSzkIeT89o3HNw2bQAsXHnp0cvIXUpqc2VDNO54Qz3Nbs+tVeR:nrVmwK3Hp3vuc2bODE
Score

10^/10

smokeloader pu10 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpu10backdoortrojan