smokeloader | 985e977864a3bf31e1953cf1de4465a3ce5eeafac9908598a730de1e9af1a1da | Triage

Sharing

General

Target

985e977864a3bf31e1953cf1de4465a3ce5eeafac9908598a730de1e9af1a1da
Size

223KB
Sample

230426-lkm5nsge27
MD5

10a23e5e5c59b8d1470248a72be5faeb
SHA1

48cdf8db907f4efc039c477198b11d9541306395
SHA256

985e977864a3bf31e1953cf1de4465a3ce5eeafac9908598a730de1e9af1a1da
SHA512

c618b4d7c0c41629f0279e1d6c14f84908d2da6f3b8cd98be444757c1c12e236068604e55f81b3b05bbb2e2cc1cad0e3a88e586361a71dbce3e213061765a295
SSDEEP

3072:WIMolJB8OtFSTWZk9FRhKUMb4jYgQLRZiitUPX4q56lm22Td:LDUTWCiNqgTzt1oT

Score

10^/10

smokeloader pu10 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pu10

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  985e977864a3bf31e1953cf1de4465a3ce5eeafac9908598a730de1e9af1a1da
- Size
  
  223KB
- MD5
  
  10a23e5e5c59b8d1470248a72be5faeb
- SHA1
  
  48cdf8db907f4efc039c477198b11d9541306395
- SHA256
  
  985e977864a3bf31e1953cf1de4465a3ce5eeafac9908598a730de1e9af1a1da
- SHA512
  
  c618b4d7c0c41629f0279e1d6c14f84908d2da6f3b8cd98be444757c1c12e236068604e55f81b3b05bbb2e2cc1cad0e3a88e586361a71dbce3e213061765a295
- SSDEEP
  
  3072:WIMolJB8OtFSTWZk9FRhKUMb4jYgQLRZiitUPX4q56lm22Td:LDUTWCiNqgTzt1oT
Score

10^/10

smokeloader pu10 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpu10backdoortrojan