smokeloader | fe2f3a136edc8732efd7eab235159b6885dfe33b1874e9da8b14ea043ba1f8cc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fe2f3a136edc8732efd7eab235159b6885dfe33b1874e9da8b14ea043ba1f8cc
Size

333KB
Sample

230509-esb9taeb85
MD5

413ac80377b4d1bfa306e1f072b335ca
SHA1

0fc946cb7e8378db3fb1a3ac422abacf3bf7bfb9
SHA256

fe2f3a136edc8732efd7eab235159b6885dfe33b1874e9da8b14ea043ba1f8cc
SHA512

c6cd906aa8c589d6154a03dc662a1f4bd782f57ab446787c79f9c086221794ebe50bcd0871b9284cec5db0a29f8758ae5fc82857acce5e32e57482a6e3e00011
SSDEEP

3072:dnzWprojxWKlZC0ElxPaarAcL0a/Ez5h5BYdHhvp4EVx4K0L:dYrY39E7SBcL5/Ez57MH3h

Score

10^/10

smokeloader pub1 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  fe2f3a136edc8732efd7eab235159b6885dfe33b1874e9da8b14ea043ba1f8cc
- Size
  
  333KB
- MD5
  
  413ac80377b4d1bfa306e1f072b335ca
- SHA1
  
  0fc946cb7e8378db3fb1a3ac422abacf3bf7bfb9
- SHA256
  
  fe2f3a136edc8732efd7eab235159b6885dfe33b1874e9da8b14ea043ba1f8cc
- SHA512
  
  c6cd906aa8c589d6154a03dc662a1f4bd782f57ab446787c79f9c086221794ebe50bcd0871b9284cec5db0a29f8758ae5fc82857acce5e32e57482a6e3e00011
- SSDEEP
  
  3072:dnzWprojxWKlZC0ElxPaarAcL0a/Ez5h5BYdHhvp4EVx4K0L:dYrY39E7SBcL5/Ez57MH3h
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan