smokeloader | b8c36cfa1ede14bc94a65ec3233d516d7bf38d3adc39b9c7a6ee53b03454f3c3 | Triage

Sharing

General

Target

b8c36cfa1ede14bc94a65ec3233d516d7bf38d3adc39b9c7a6ee53b03454f3c3
Size

292KB
Sample

230506-hdps5sgc76
MD5

c366679cf1cea1580a40f1930a279f63
SHA1

073543dd73c91342c8989eee466eafe57fbde224
SHA256

b8c36cfa1ede14bc94a65ec3233d516d7bf38d3adc39b9c7a6ee53b03454f3c3
SHA512

c4475dc744c46d3c30036853f6a5d1a71dbf7f959aa702df5a1768b6faf9ddfa63d0995d084338e44490787bd27e7df79e2a8f84857e89b04565ed447bb53a84
SSDEEP

3072:FngqDVtYJYO6Jh4/FmRr7G3QfHR8hvFeNsezyBefIO5JVyLoCV5eHCPK:3AJY6/QVyOyysO5J+oCwCPK

Score

10^/10

smokeloader pu10 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pu10

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  b8c36cfa1ede14bc94a65ec3233d516d7bf38d3adc39b9c7a6ee53b03454f3c3
- Size
  
  292KB
- MD5
  
  c366679cf1cea1580a40f1930a279f63
- SHA1
  
  073543dd73c91342c8989eee466eafe57fbde224
- SHA256
  
  b8c36cfa1ede14bc94a65ec3233d516d7bf38d3adc39b9c7a6ee53b03454f3c3
- SHA512
  
  c4475dc744c46d3c30036853f6a5d1a71dbf7f959aa702df5a1768b6faf9ddfa63d0995d084338e44490787bd27e7df79e2a8f84857e89b04565ed447bb53a84
- SSDEEP
  
  3072:FngqDVtYJYO6Jh4/FmRr7G3QfHR8hvFeNsezyBefIO5JVyLoCV5eHCPK:3AJY6/QVyOyysO5J+oCwCPK
Score

10^/10

smokeloader pu10 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpu10backdoortrojan