smokeloader | 1b0638b195c4605c78a20e7335e63f1c4f6cfaebfa9e6553bee795cf311cb390 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1b0638b195c4605c78a20e7335e63f1c4f6cfaebfa9e6553bee795cf311cb390
Size

325KB
Sample

230511-fdxsmsbg54
MD5

4c0831b4e751117184b52251e0bfb467
SHA1

f3b72860a423565050ab4a764728207d8c60c87f
SHA256

1b0638b195c4605c78a20e7335e63f1c4f6cfaebfa9e6553bee795cf311cb390
SHA512

9785ca24b7514a24d38901f620a9ba1eaed9d6e0a563260858dd22ad23129188738bc620c3f40b0f2a1c842c17306e58f0f0767f87530534d6b1a784f7e49e68
SSDEEP

3072:M7mebYfcAUNuImcfigF7G16EgnMiuNqY2NZcr6vLX+BGCIJsNoENT138wT:z1fcXBfhlMniuNqJY0LgGCIMNH

Score

10^/10

smokeloader pub1 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  1b0638b195c4605c78a20e7335e63f1c4f6cfaebfa9e6553bee795cf311cb390
- Size
  
  325KB
- MD5
  
  4c0831b4e751117184b52251e0bfb467
- SHA1
  
  f3b72860a423565050ab4a764728207d8c60c87f
- SHA256
  
  1b0638b195c4605c78a20e7335e63f1c4f6cfaebfa9e6553bee795cf311cb390
- SHA512
  
  9785ca24b7514a24d38901f620a9ba1eaed9d6e0a563260858dd22ad23129188738bc620c3f40b0f2a1c842c17306e58f0f0767f87530534d6b1a784f7e49e68
- SSDEEP
  
  3072:M7mebYfcAUNuImcfigF7G16EgnMiuNqY2NZcr6vLX+BGCIJsNoENT138wT:z1fcXBfhlMniuNqJY0LgGCIMNH
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan