smokeloader | 9ce567b97d44dd54a3bb7ca097f2e3b78819ff878ae8e5318367169e88558c4d | Triage

Sharing

General

Target

9ce567b97d44dd54a3bb7ca097f2e3b78819ff878ae8e5318367169e88558c4d
Size

305KB
Sample

230502-eh4lbahf35
MD5

1ba1e8e3e12a5bb2cdabfe63b5c538a0
SHA1

2c060a2fc85a4f8ebe91279a7c122f6b34e4d080
SHA256

9ce567b97d44dd54a3bb7ca097f2e3b78819ff878ae8e5318367169e88558c4d
SHA512

a2d2a07ab8d627f3a356dcfeee41157a0d925f54f2b60c8053e14b1a607357a57079b97763ca13cd343226a15b9fbb87631571c54491d75ae998f28ef5aaa4ae
SSDEEP

3072://DksHOYgdiKs/0gUhGmLDyHuO1i/IC6Dpz9TMK5ngTZ75jJh/SoSfECMceK85:XDksHQdiKbhGm/415C8MK5olz3c6

Score

10^/10

smokeloader pu10 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pu10

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  9ce567b97d44dd54a3bb7ca097f2e3b78819ff878ae8e5318367169e88558c4d
- Size
  
  305KB
- MD5
  
  1ba1e8e3e12a5bb2cdabfe63b5c538a0
- SHA1
  
  2c060a2fc85a4f8ebe91279a7c122f6b34e4d080
- SHA256
  
  9ce567b97d44dd54a3bb7ca097f2e3b78819ff878ae8e5318367169e88558c4d
- SHA512
  
  a2d2a07ab8d627f3a356dcfeee41157a0d925f54f2b60c8053e14b1a607357a57079b97763ca13cd343226a15b9fbb87631571c54491d75ae998f28ef5aaa4ae
- SSDEEP
  
  3072://DksHOYgdiKs/0gUhGmLDyHuO1i/IC6Dpz9TMK5ngTZ75jJh/SoSfECMceK85:XDksHQdiKbhGm/415C8MK5olz3c6
Score

10^/10

smokeloader pu10 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpu10backdoortrojan