smokeloader | 206ed1c73eaeb656b871a75016273e8f893b79ad3d9fa7102fe3de0e01aefefe | Triage

Sharing

General

Target

206ed1c73eaeb656b871a75016273e8f893b79ad3d9fa7102fe3de0e01aefefe
Size

216KB
Sample

230426-vyd9csag92
MD5

a9c013daef4b72f9cd4be407a3bbdf14
SHA1

ff24239f31994e6b292604703113dd79dd1561f0
SHA256

206ed1c73eaeb656b871a75016273e8f893b79ad3d9fa7102fe3de0e01aefefe
SHA512

c2afa59e6ec9b65d7ba850753a72f376d219d7cf31566545e8e123b73e0719004cf6ba17671427a6b035f2d4cd44b94827698e535d40aae9aa2128019a5c2f72
SSDEEP

3072:TEBYusOtAJMIpLhHApBJHJhe8DFo5qWj50:QHsOtAJNdHiBJHzBF3Wj

Score

10^/10

smokeloader pu10 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pu10

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  206ed1c73eaeb656b871a75016273e8f893b79ad3d9fa7102fe3de0e01aefefe
- Size
  
  216KB
- MD5
  
  a9c013daef4b72f9cd4be407a3bbdf14
- SHA1
  
  ff24239f31994e6b292604703113dd79dd1561f0
- SHA256
  
  206ed1c73eaeb656b871a75016273e8f893b79ad3d9fa7102fe3de0e01aefefe
- SHA512
  
  c2afa59e6ec9b65d7ba850753a72f376d219d7cf31566545e8e123b73e0719004cf6ba17671427a6b035f2d4cd44b94827698e535d40aae9aa2128019a5c2f72
- SSDEEP
  
  3072:TEBYusOtAJMIpLhHApBJHJhe8DFo5qWj50:QHsOtAJNdHiBJHzBF3Wj
Score

10^/10

smokeloader pu10 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpu10backdoortrojan