smokeloader | a195a0d27bf00729b95e17c6d48b2889a35ba8932897835373ccf33473dc35d1 | Triage

Sharing

General

Target

a195a0d27bf00729b95e17c6d48b2889a35ba8932897835373ccf33473dc35d1
Size

215KB
Sample

230425-wh4pracb23
MD5

f65074a369897b07e92d26d533186ba0
SHA1

9a91414e3718134cd27eef6dcbaae53c6c5cc750
SHA256

a195a0d27bf00729b95e17c6d48b2889a35ba8932897835373ccf33473dc35d1
SHA512

e177671e5d411878ab07f83405ed27641a9c64c44f6f635251d6c5bf5c33e00483c69b50fae9fc87a620f3f9dd03fcb5b4ef4f60c90f05a3f1a919bc75654567
SSDEEP

3072:6zoH9Pho19XzAEH4QddPck2PmLOpvcwEF67w65yZn3nKfl:H9yjYOO4IEwuZn3n

Score

10^/10

smokeloader pub1 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  a195a0d27bf00729b95e17c6d48b2889a35ba8932897835373ccf33473dc35d1
- Size
  
  215KB
- MD5
  
  f65074a369897b07e92d26d533186ba0
- SHA1
  
  9a91414e3718134cd27eef6dcbaae53c6c5cc750
- SHA256
  
  a195a0d27bf00729b95e17c6d48b2889a35ba8932897835373ccf33473dc35d1
- SHA512
  
  e177671e5d411878ab07f83405ed27641a9c64c44f6f635251d6c5bf5c33e00483c69b50fae9fc87a620f3f9dd03fcb5b4ef4f60c90f05a3f1a919bc75654567
- SSDEEP
  
  3072:6zoH9Pho19XzAEH4QddPck2PmLOpvcwEF67w65yZn3nKfl:H9yjYOO4IEwuZn3n
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan