smokeloader | 33930ac5b5a58d7b66f205e0e131e29b2ea421316a07b4a4020db722c399f66d | Triage

Sharing

General

Target

33930ac5b5a58d7b66f205e0e131e29b2ea421316a07b4a4020db722c399f66d
Size

314KB
Sample

230509-fg198sec66
MD5

6e8d381d6ab9cdd0dc5b09afbbdc3b9c
SHA1

df7e124cc58e4b9c7767fbaacb707f485779deca
SHA256

33930ac5b5a58d7b66f205e0e131e29b2ea421316a07b4a4020db722c399f66d
SHA512

b69cdc09fe79596d7ff7dde899ddafdf8ba5d2a7ea0757fe4fa9e577e9d293ae7a88748af1a11c22742c599bd6ea4a4918cf58ad94217872265598c77a7f389f
SSDEEP

3072:wpXcVYplL5WuLSJRRz5SJlER7zyH2yxxNE4T83HlyV5T1hr5EdjlGoy69NCis+:IcVYpllLLSnRVWl6P62yREyV5W/9h

Score

10^/10

smokeloader pub1 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  33930ac5b5a58d7b66f205e0e131e29b2ea421316a07b4a4020db722c399f66d
- Size
  
  314KB
- MD5
  
  6e8d381d6ab9cdd0dc5b09afbbdc3b9c
- SHA1
  
  df7e124cc58e4b9c7767fbaacb707f485779deca
- SHA256
  
  33930ac5b5a58d7b66f205e0e131e29b2ea421316a07b4a4020db722c399f66d
- SHA512
  
  b69cdc09fe79596d7ff7dde899ddafdf8ba5d2a7ea0757fe4fa9e577e9d293ae7a88748af1a11c22742c599bd6ea4a4918cf58ad94217872265598c77a7f389f
- SSDEEP
  
  3072:wpXcVYplL5WuLSJRRz5SJlER7zyH2yxxNE4T83HlyV5T1hr5EdjlGoy69NCis+:IcVYpllLLSnRVWl6P62yREyV5W/9h
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan