smokeloader | 2f970845d185590ca2098f4700fd5339db0f736724171ff24f54fd407bcccb33 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2f970845d185590ca2098f4700fd5339db0f736724171ff24f54fd407bcccb33
Size

302KB
Sample

230506-z14dgsgh9y
MD5

922a2e1219d1fe14deebc4ce78a39c31
SHA1

0cf9fba8841dd52d5e5b5e28f28b9e39d9811bd8
SHA256

2f970845d185590ca2098f4700fd5339db0f736724171ff24f54fd407bcccb33
SHA512

ef4f9c55740bfc368cd8a460334378a6190b7f5ccc935eeb04d0062d69bb0acab34524466716f4113e186f7f5acae5f4cb8e65eb90bc007f8f9bfc47dc67c16e
SSDEEP

3072:Ju4BZHOZWcReXzi6dKNdSp+SUwUFY+BY5zLDTHhd+:Q4BZHWRejJANdSp+phBCLHv+

Score

10^/10

smokeloader pub1 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  2f970845d185590ca2098f4700fd5339db0f736724171ff24f54fd407bcccb33
- Size
  
  302KB
- MD5
  
  922a2e1219d1fe14deebc4ce78a39c31
- SHA1
  
  0cf9fba8841dd52d5e5b5e28f28b9e39d9811bd8
- SHA256
  
  2f970845d185590ca2098f4700fd5339db0f736724171ff24f54fd407bcccb33
- SHA512
  
  ef4f9c55740bfc368cd8a460334378a6190b7f5ccc935eeb04d0062d69bb0acab34524466716f4113e186f7f5acae5f4cb8e65eb90bc007f8f9bfc47dc67c16e
- SSDEEP
  
  3072:Ju4BZHOZWcReXzi6dKNdSp+SUwUFY+BY5zLDTHhd+:Q4BZHWRejJANdSp+phBCLHv+
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan

behavioral2

smokeloaderpub1backdoortrojan