smokeloader | a00c537f68de7be45dc7217fde63fb0a2dd94cfb7803a02d2fe7135c1fe4d320 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

setup.exe
Size

324KB
Sample

230425-atgtgafe22
MD5

a8ed6da71a4ac8b89910b4aa520ae02f
SHA1

ef88b67b9d9059c6278c3e3954ad90ea1ab7e9cf
SHA256

a00c537f68de7be45dc7217fde63fb0a2dd94cfb7803a02d2fe7135c1fe4d320
SHA512

972f230a639bf1a0b721a7487cff9750ba56015591ab095ea2138f0d9013b43169a55c30d0f44a52371de7e682840a01c10e7fccef2d4d9e7cc71dbe9ac0d156
SSDEEP

6144:GmTXAtcTKbLgDGl+47/mejlsXzOhkVVjgRUc:GmTQWKbcDEx7eeqDLjgSc

Score

10^/10

smokeloader pub1 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  setup.exe
- Size
  
  324KB
- MD5
  
  a8ed6da71a4ac8b89910b4aa520ae02f
- SHA1
  
  ef88b67b9d9059c6278c3e3954ad90ea1ab7e9cf
- SHA256
  
  a00c537f68de7be45dc7217fde63fb0a2dd94cfb7803a02d2fe7135c1fe4d320
- SHA512
  
  972f230a639bf1a0b721a7487cff9750ba56015591ab095ea2138f0d9013b43169a55c30d0f44a52371de7e682840a01c10e7fccef2d4d9e7cc71dbe9ac0d156
- SSDEEP
  
  6144:GmTXAtcTKbLgDGl+47/mejlsXzOhkVVjgRUc:GmTQWKbcDEx7eeqDLjgSc
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan

behavioral2

smokeloaderpub1backdoortrojan