smokeloader | 432287785e9456bb79c6f6c4c380a3a031d66f57c8389605ec69c383ad0d22f7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

432287785e9456bb79c6f6c4c380a3a031d66f57c8389605ec69c383ad0d22f7
Size

249KB
Sample

230530-pqa9vahe64
MD5

875a840800e2b21ea514555ec2f40e4a
SHA1

e1c6f8dec8196e7cc66a6b535716ae9d0e7501bc
SHA256

432287785e9456bb79c6f6c4c380a3a031d66f57c8389605ec69c383ad0d22f7
SHA512

95535a13b112776557715b011f089398bfd2cefc4ea541eb5a88602a5db2c008244312ef06cc63ba007ff64bc85fa78f003f60eb46eb04efd05f7d498bb3e783
SSDEEP

3072:RcZzeEj3NLY8rCOnY2VSlWW5sijvYyErK3ZHVRcWEE5BTs/B1DA5a5M:2Z6Ej9NrnmfMyErKJ1+KTMYa5

Score

10^/10

smokeloader up3 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  432287785e9456bb79c6f6c4c380a3a031d66f57c8389605ec69c383ad0d22f7
- Size
  
  249KB
- MD5
  
  875a840800e2b21ea514555ec2f40e4a
- SHA1
  
  e1c6f8dec8196e7cc66a6b535716ae9d0e7501bc
- SHA256
  
  432287785e9456bb79c6f6c4c380a3a031d66f57c8389605ec69c383ad0d22f7
- SHA512
  
  95535a13b112776557715b011f089398bfd2cefc4ea541eb5a88602a5db2c008244312ef06cc63ba007ff64bc85fa78f003f60eb46eb04efd05f7d498bb3e783
- SSDEEP
  
  3072:RcZzeEj3NLY8rCOnY2VSlWW5sijvYyErK3ZHVRcWEE5BTs/B1DA5a5M:2Z6Ej9NrnmfMyErKJ1+KTMYa5
Score

10^/10

smokeloader up3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderup3backdoortrojan