smokeloader | 60b84f01d1be22a277593eecf5f2367a3db808595de89de557e86c117550d5bc | Triage

Sharing

General

Target

setup.exe
Size

324KB
Sample

230425-axxn4ahc4s
MD5

c9451c2bd0bf81c1ac0953d36264bd7f
SHA1

fdb71554dbed1071bbd713011aa5489cc94b062e
SHA256

60b84f01d1be22a277593eecf5f2367a3db808595de89de557e86c117550d5bc
SHA512

52e4a7975ce39b2e6ed91de81a1ac97f22a89837df4231d4a125d1b84bc8aa9856c446f404293cbb6cbdcc3771d6c59d3e2cae40c151df98b76d5ec868ba00d1
SSDEEP

6144:J9shrHa0RHJ7m6pP4bzRvkWaN7qDZFJxvqm/l:J9sRrHJ7m6pQblvOJqVcyl

Score

10^/10

smokeloader pu10 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pu10

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  setup.exe
- Size
  
  324KB
- MD5
  
  c9451c2bd0bf81c1ac0953d36264bd7f
- SHA1
  
  fdb71554dbed1071bbd713011aa5489cc94b062e
- SHA256
  
  60b84f01d1be22a277593eecf5f2367a3db808595de89de557e86c117550d5bc
- SHA512
  
  52e4a7975ce39b2e6ed91de81a1ac97f22a89837df4231d4a125d1b84bc8aa9856c446f404293cbb6cbdcc3771d6c59d3e2cae40c151df98b76d5ec868ba00d1
- SSDEEP
  
  6144:J9shrHa0RHJ7m6pP4bzRvkWaN7qDZFJxvqm/l:J9sRrHJ7m6pQblvOJqVcyl
Score

10^/10

smokeloader pu10 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpu10backdoortrojan

behavioral2

smokeloaderpu10backdoortrojan