smokeloader | 0e86ec889b77f7a70974c27478d3ee73374a0efad3f79357c87767d79594078d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0e86ec889b77f7a70974c27478d3ee73374a0efad3f79357c87767d79594078d
Size

296KB
Sample

230513-2wvlwshg99
MD5

e2834e397d232aad75756b69585521ff
SHA1

fae2945deda863d51c159f62b1207c97923ae645
SHA256

0e86ec889b77f7a70974c27478d3ee73374a0efad3f79357c87767d79594078d
SHA512

386dd04a212fa6f2622a2590b25adbbe74837cbe8e94e72d9ee26c6296817a706ea37a4376b4907329b2b5c3a7649601f28db64b042e368abadb0529acdead56
SSDEEP

3072:hpXQDQkn6ptHXMvLByb6JmnHIepw58uF7UdrkYQ1wGA5fM5E7KPrfOE7S:TQDQk6p5XGLBM6J2UvFirQ1yT7KDO2S

Score

10^/10

smokeloader pub1 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  0e86ec889b77f7a70974c27478d3ee73374a0efad3f79357c87767d79594078d
- Size
  
  296KB
- MD5
  
  e2834e397d232aad75756b69585521ff
- SHA1
  
  fae2945deda863d51c159f62b1207c97923ae645
- SHA256
  
  0e86ec889b77f7a70974c27478d3ee73374a0efad3f79357c87767d79594078d
- SHA512
  
  386dd04a212fa6f2622a2590b25adbbe74837cbe8e94e72d9ee26c6296817a706ea37a4376b4907329b2b5c3a7649601f28db64b042e368abadb0529acdead56
- SSDEEP
  
  3072:hpXQDQkn6ptHXMvLByb6JmnHIepw58uF7UdrkYQ1wGA5fM5E7KPrfOE7S:TQDQk6p5XGLBM6J2UvFirQ1yT7KDO2S
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan