smokeloader | 97e0c30c9590fe5683af527735a2834e40eaefeb1693267dcfa344599a56a7cf | Triage

Sharing

General

Target

97e0c30c9590fe5683af527735a2834e40eaefeb1693267dcfa344599a56a7cf
Size

242KB
Sample

230502-fznrvsbf2x
MD5

de4051285d12096532fdcfaa75745df4
SHA1

ae0403ed3814c5d6b7f63367a48182a88be0afdb
SHA256

97e0c30c9590fe5683af527735a2834e40eaefeb1693267dcfa344599a56a7cf
SHA512

26bf8de78778a151c834c233e519485c7dceb412f4ed6a88b44117cfe17d96258879b6d07e5f165e8f879209a5b6a337764a6770c5096d3ab5dc9d69de389261
SSDEEP

3072:P5oq4YGfpBrPDU8UEbHE71aDs/tCZLGb3+kvA9PmtT0/QqVK74:PHwz7SELEpNVsGyFtmiQS

Score

10^/10

smokeloader pu10 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pu10

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  97e0c30c9590fe5683af527735a2834e40eaefeb1693267dcfa344599a56a7cf
- Size
  
  242KB
- MD5
  
  de4051285d12096532fdcfaa75745df4
- SHA1
  
  ae0403ed3814c5d6b7f63367a48182a88be0afdb
- SHA256
  
  97e0c30c9590fe5683af527735a2834e40eaefeb1693267dcfa344599a56a7cf
- SHA512
  
  26bf8de78778a151c834c233e519485c7dceb412f4ed6a88b44117cfe17d96258879b6d07e5f165e8f879209a5b6a337764a6770c5096d3ab5dc9d69de389261
- SSDEEP
  
  3072:P5oq4YGfpBrPDU8UEbHE71aDs/tCZLGb3+kvA9PmtT0/QqVK74:PHwz7SELEpNVsGyFtmiQS
Score

10^/10

smokeloader pu10 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpu10backdoortrojan