smokeloader | d899a41f2217dd2b2f684afd25a3eb0c5a33422ca68ed91ee14961c15fe79bce | Triage

Sharing

General

Target

d899a41f2217dd2b2f684afd25a3eb0c5a33422ca68ed91ee14961c15fe79bce
Size

333KB
Sample

230508-y8jtdaed4v
MD5

5c89232cb3ee0f1e2085471a73a05df0
SHA1

5218d6467f0581d853212d4eadea207cba2b2afd
SHA256

d899a41f2217dd2b2f684afd25a3eb0c5a33422ca68ed91ee14961c15fe79bce
SHA512

37fcf12db447139bf3a491782946897bcfbcba4a162548bd289adc84e8e35719289018a55af40a4278e2bc3455a6c861a499fa40110502b8fef5b42451270240
SSDEEP

3072:dHrhWpx9zr88GnF5kloSa4rAkDX88A4smU2nPkpXfXuO2nAFYVPpOEVx4m0L:dmx5qHku3bkg85smkpXfuO2nAF6P

Score

10^/10

smokeloader pub1 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  d899a41f2217dd2b2f684afd25a3eb0c5a33422ca68ed91ee14961c15fe79bce
- Size
  
  333KB
- MD5
  
  5c89232cb3ee0f1e2085471a73a05df0
- SHA1
  
  5218d6467f0581d853212d4eadea207cba2b2afd
- SHA256
  
  d899a41f2217dd2b2f684afd25a3eb0c5a33422ca68ed91ee14961c15fe79bce
- SHA512
  
  37fcf12db447139bf3a491782946897bcfbcba4a162548bd289adc84e8e35719289018a55af40a4278e2bc3455a6c861a499fa40110502b8fef5b42451270240
- SSDEEP
  
  3072:dHrhWpx9zr88GnF5kloSa4rAkDX88A4smU2nPkpXfXuO2nAFYVPpOEVx4m0L:dmx5qHku3bkg85smkpXfuO2nAF6P
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan