smokeloader | 1ae9d45615503cf43c96198c6dc637fc4ae7ae3b1aad05b76469d573206e9973 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1ae9d45615503cf43c96198c6dc637fc4ae7ae3b1aad05b76469d573206e9973
Size

321KB
Sample

230512-xyhmwsec43
MD5

316b322530668579ef7831c75639165e
SHA1

0ad243833117bb01748b6c26cfda94b70e2b55f7
SHA256

1ae9d45615503cf43c96198c6dc637fc4ae7ae3b1aad05b76469d573206e9973
SHA512

6765e7cf2e84304cd60e39c5f8097df0fa2e43d1327e000f1289574009790672ad7a0cef2f10cf481a52d1d0478d652cf8c2b99e02c666ad09a2055121f4523d
SSDEEP

3072:zbz4cftmhoJzjcxOBY6xiJ+UVeHgq2nPBKLZbvB9o092HywY7HUi/9W2KPp7t:0oawjck26LGKqnPBKR5zudw055

Score

10^/10

smokeloader pu10 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pu10

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  1ae9d45615503cf43c96198c6dc637fc4ae7ae3b1aad05b76469d573206e9973
- Size
  
  321KB
- MD5
  
  316b322530668579ef7831c75639165e
- SHA1
  
  0ad243833117bb01748b6c26cfda94b70e2b55f7
- SHA256
  
  1ae9d45615503cf43c96198c6dc637fc4ae7ae3b1aad05b76469d573206e9973
- SHA512
  
  6765e7cf2e84304cd60e39c5f8097df0fa2e43d1327e000f1289574009790672ad7a0cef2f10cf481a52d1d0478d652cf8c2b99e02c666ad09a2055121f4523d
- SSDEEP
  
  3072:zbz4cftmhoJzjcxOBY6xiJ+UVeHgq2nPBKLZbvB9o092HywY7HUi/9W2KPp7t:0oawjck26LGKqnPBKR5zudw055
Score

10^/10

smokeloader pu10 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpu10backdoortrojan