smokeloader | 015446106849e64c790d08cf9ccc81523b1022f358b7f3f22b0faf6dce4d1cd9 | Triage

Sharing

General

Target

015446106849e64c790d08cf9ccc81523b1022f358b7f3f22b0faf6dce4d1cd9
Size

242KB
Sample

230506-yxmqwscg91
MD5

09a1725daaf1251d94df08e7843e8fbc
SHA1

51d374e7116ce7ed758e50001a095fa55536f63e
SHA256

015446106849e64c790d08cf9ccc81523b1022f358b7f3f22b0faf6dce4d1cd9
SHA512

5b7c16fb4e1fa8327c91c2005922752917cd24a709d915d92b92a2ae527c1595bbc34383039de7f68334fdcd706c22d949f1356b0bd997c5e07e5f168d3ee483
SSDEEP

3072:J9y9e2AlBQTJU5pE4wjA2fjK10siMnS2lZecRoAEf59QivqO8ZX:6TiK+fvwk2kE4eyo19LqO8

Score

10^/10

smokeloader pub1 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  015446106849e64c790d08cf9ccc81523b1022f358b7f3f22b0faf6dce4d1cd9
- Size
  
  242KB
- MD5
  
  09a1725daaf1251d94df08e7843e8fbc
- SHA1
  
  51d374e7116ce7ed758e50001a095fa55536f63e
- SHA256
  
  015446106849e64c790d08cf9ccc81523b1022f358b7f3f22b0faf6dce4d1cd9
- SHA512
  
  5b7c16fb4e1fa8327c91c2005922752917cd24a709d915d92b92a2ae527c1595bbc34383039de7f68334fdcd706c22d949f1356b0bd997c5e07e5f168d3ee483
- SSDEEP
  
  3072:J9y9e2AlBQTJU5pE4wjA2fjK10siMnS2lZecRoAEf59QivqO8ZX:6TiK+fvwk2kE4eyo19LqO8
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan

behavioral2

smokeloaderpub1backdoortrojan