smokeloader | ba8af3ac5b309bcf3774ce5998379bba87c890e7c8bbd9b0ac870c4121b88340 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ba8af3ac5b309bcf3774ce5998379bba87c890e7c8bbd9b0ac870c4121b88340
Size

282KB
Sample

230528-l3mxmafc6x
MD5

c1ecb343b4d1fc8abf8fee62cbfeaaf5
SHA1

e94d2e219f5f206a9c50ddba828cbd0ec2d36573
SHA256

ba8af3ac5b309bcf3774ce5998379bba87c890e7c8bbd9b0ac870c4121b88340
SHA512

7bc7e8f9ffbd614f19124646a0b4434a8a4328403cfa3ad0ba1b9c8f15be84cac42d2a36dc11d6199ad30b64bc68d5e63c16cf9d2dd81397f0b666531a7c37ff
SSDEEP

3072:EpPbUgVBgWR2oNDMe/U67SwUvTT2riV00F/35mLfVtn5gtTti98S6:CbUghR2oNZ/PebvTTfUmtTti98p

Score

10^/10

smokeloader up3 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  ba8af3ac5b309bcf3774ce5998379bba87c890e7c8bbd9b0ac870c4121b88340
- Size
  
  282KB
- MD5
  
  c1ecb343b4d1fc8abf8fee62cbfeaaf5
- SHA1
  
  e94d2e219f5f206a9c50ddba828cbd0ec2d36573
- SHA256
  
  ba8af3ac5b309bcf3774ce5998379bba87c890e7c8bbd9b0ac870c4121b88340
- SHA512
  
  7bc7e8f9ffbd614f19124646a0b4434a8a4328403cfa3ad0ba1b9c8f15be84cac42d2a36dc11d6199ad30b64bc68d5e63c16cf9d2dd81397f0b666531a7c37ff
- SSDEEP
  
  3072:EpPbUgVBgWR2oNDMe/U67SwUvTT2riV00F/35mLfVtn5gtTti98S6:CbUghR2oNZ/PebvTTfUmtTti98p
Score

10^/10

smokeloader up3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderup3backdoortrojan