smokeloader | 28c11c0c471c73d30ebdbfc022f30c5be0c4878f8903c34f1dbaef5f200c73ca | Triage

Sharing

General

Target

28c11c0c471c73d30ebdbfc022f30c5be0c4878f8903c34f1dbaef5f200c73ca
Size

215KB
Sample

230425-p6ay1sad87
MD5

16a53e1b1ca4d25d135e8d7f59c21b86
SHA1

f8aa9d5179570886670d7a15bbf09880e99cfc93
SHA256

28c11c0c471c73d30ebdbfc022f30c5be0c4878f8903c34f1dbaef5f200c73ca
SHA512

4356f6c58fa9f820eba95673af6e8e7d94bc25ccc2303f07f08e7799ca368cf9f2229c4a89e1e3d4c6b580bb0641ac307a2e773489abf6400c746614590c0218
SSDEEP

3072:q1osos+2pT4IyARnsE+rCAO0VRu+WWBgciLrCChWiQ5voyWp:Z2VcAT+rCN0Hu++cYC8eoxp

Score

10^/10

smokeloader pub1 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  28c11c0c471c73d30ebdbfc022f30c5be0c4878f8903c34f1dbaef5f200c73ca
- Size
  
  215KB
- MD5
  
  16a53e1b1ca4d25d135e8d7f59c21b86
- SHA1
  
  f8aa9d5179570886670d7a15bbf09880e99cfc93
- SHA256
  
  28c11c0c471c73d30ebdbfc022f30c5be0c4878f8903c34f1dbaef5f200c73ca
- SHA512
  
  4356f6c58fa9f820eba95673af6e8e7d94bc25ccc2303f07f08e7799ca368cf9f2229c4a89e1e3d4c6b580bb0641ac307a2e773489abf6400c746614590c0218
- SSDEEP
  
  3072:q1osos+2pT4IyARnsE+rCAO0VRu+WWBgciLrCChWiQ5voyWp:Z2VcAT+rCN0Hu++cYC8eoxp
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan