smokeloader | d730c1c0c70877e8563ba54af4e5292f7bec8f62e1b6b573304e0680f74e4df9 | Triage

Sharing

General

Target

d730c1c0c70877e8563ba54af4e5292f7bec8f62e1b6b573304e0680f74e4df9
Size

293KB
Sample

230506-tx4l7ahh62
MD5

6a5212706cf1d9bd17a8e78323d97a6a
SHA1

4c5202ae3320c42b796a07553ff14d2eaf0faf56
SHA256

d730c1c0c70877e8563ba54af4e5292f7bec8f62e1b6b573304e0680f74e4df9
SHA512

fde18c628da8ffe3a67f9c22f33b95646ea21d8263670986397859000ea531cd0fb1a019600f074c7cba97c60307a43564597a8124ad293200f3cf57358e17d1
SSDEEP

3072:fHk6F+HqhRFb1MKTdZQ7p1zZmUr1uLVI6nQ1+xQ45gzlt/8r05WK:jgKhb1JZuZia1+xzFTK

Score

10^/10

smokeloader pu10 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pu10

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  d730c1c0c70877e8563ba54af4e5292f7bec8f62e1b6b573304e0680f74e4df9
- Size
  
  293KB
- MD5
  
  6a5212706cf1d9bd17a8e78323d97a6a
- SHA1
  
  4c5202ae3320c42b796a07553ff14d2eaf0faf56
- SHA256
  
  d730c1c0c70877e8563ba54af4e5292f7bec8f62e1b6b573304e0680f74e4df9
- SHA512
  
  fde18c628da8ffe3a67f9c22f33b95646ea21d8263670986397859000ea531cd0fb1a019600f074c7cba97c60307a43564597a8124ad293200f3cf57358e17d1
- SSDEEP
  
  3072:fHk6F+HqhRFb1MKTdZQ7p1zZmUr1uLVI6nQ1+xQ45gzlt/8r05WK:jgKhb1JZuZia1+xzFTK
Score

10^/10

smokeloader pu10 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpu10backdoortrojan