smokeloader | 3ef594babdc8bd54d6999595d70115b34828b8ee5390428af5844379c1bd0c9d | Triage

Sharing

General

Target

setup.exe
Size

325KB
Sample

230425-arrkwshb7w
MD5

da5dfec632256722349738288be6f62e
SHA1

fbc5940d0f0fdc67dbe2f874956f2aa3ddc4e0d9
SHA256

3ef594babdc8bd54d6999595d70115b34828b8ee5390428af5844379c1bd0c9d
SHA512

33a6d92c35385ef055d5bf66a0d7e399dbc180919e539297c25dead04069bb197621ee5ad383f51f1fe2e84617c5058bd4579f756d5f31caa147edc11550dcb4
SSDEEP

6144:24iMl0cTsm0bgBX0hMRF1ZK14TGZNciAeAxp:24iG5sm0b+Eh8LKrNnGp

Score

10^/10

smokeloader pu10 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pu10

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  setup.exe
- Size
  
  325KB
- MD5
  
  da5dfec632256722349738288be6f62e
- SHA1
  
  fbc5940d0f0fdc67dbe2f874956f2aa3ddc4e0d9
- SHA256
  
  3ef594babdc8bd54d6999595d70115b34828b8ee5390428af5844379c1bd0c9d
- SHA512
  
  33a6d92c35385ef055d5bf66a0d7e399dbc180919e539297c25dead04069bb197621ee5ad383f51f1fe2e84617c5058bd4579f756d5f31caa147edc11550dcb4
- SSDEEP
  
  6144:24iMl0cTsm0bgBX0hMRF1ZK14TGZNciAeAxp:24iG5sm0b+Eh8LKrNnGp
Score

10^/10

smokeloader pu10 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpu10backdoortrojan

behavioral2

smokeloaderpu10backdoortrojan