smokeloader | 6953b39b6513aee596de3b6fa04ced358bd0d42c1f980a353144cc03376dd92b | Triage

Sharing

General

Target

6953b39b6513aee596de3b6fa04ced358bd0d42c1f980a353144cc03376dd92b
Size

284KB
Sample

230513-kmeewaab4v
MD5

f47f50690e032ff7621da11930f4a4aa
SHA1

f8be21b28e9d687d3930223396e93d868b880b5e
SHA256

6953b39b6513aee596de3b6fa04ced358bd0d42c1f980a353144cc03376dd92b
SHA512

c8403489f4f19013aaecb79df613cde28bdb25ae2a8d5622ee28243c86b81c6f4f3ab1b9a9e08eea2561deb58fbeead87373404e17ef0e4fe1ada915d3c22c22
SSDEEP

3072:xpX26+SEBL2eAT5edSnVmhCusOp8oIbE4gIDKs4jAW4jTG58mwKblu8MIZ:DP+fL2rT5eSVmhCbVPbE4gJLUWwmFfZ

Score

10^/10

smokeloader pu10 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pu10

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  6953b39b6513aee596de3b6fa04ced358bd0d42c1f980a353144cc03376dd92b
- Size
  
  284KB
- MD5
  
  f47f50690e032ff7621da11930f4a4aa
- SHA1
  
  f8be21b28e9d687d3930223396e93d868b880b5e
- SHA256
  
  6953b39b6513aee596de3b6fa04ced358bd0d42c1f980a353144cc03376dd92b
- SHA512
  
  c8403489f4f19013aaecb79df613cde28bdb25ae2a8d5622ee28243c86b81c6f4f3ab1b9a9e08eea2561deb58fbeead87373404e17ef0e4fe1ada915d3c22c22
- SSDEEP
  
  3072:xpX26+SEBL2eAT5edSnVmhCusOp8oIbE4gIDKs4jAW4jTG58mwKblu8MIZ:DP+fL2rT5eSVmhCbVPbE4gJLUWwmFfZ
Score

10^/10

smokeloader pu10 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpu10backdoortrojan