smokeloader | 12889fee71ac155701d69f77606a2e37acbbf17c82647c24e66b158fee171427 | Triage

Sharing

General

Target

12889fee71ac155701d69f77606a2e37acbbf17c82647c24e66b158fee171427
Size

234KB
Sample

230601-ysws1agg2x
MD5

a43e6a2d6e79954e6002af27ce81928e
SHA1

7d366d436e5fb525fcb50e2ce50a4c61cc2bb355
SHA256

12889fee71ac155701d69f77606a2e37acbbf17c82647c24e66b158fee171427
SHA512

22d88c73a1152455c39df896a57891fea4200f5fe82919cb8ddc326a504bf8db767df790f3b75de3f468bc62d70ce28921ff6c3549c4df6571a8a70302522a6d
SSDEEP

3072:XX6iLit3rAJn4a5ZD7tElPBroUryNZEnxVOAj7dqDILP386IZf8065rx+:HfAl+JtEoUAZExQc7MEb08Fo

Score

10^/10

smokeloader up3 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  12889fee71ac155701d69f77606a2e37acbbf17c82647c24e66b158fee171427
- Size
  
  234KB
- MD5
  
  a43e6a2d6e79954e6002af27ce81928e
- SHA1
  
  7d366d436e5fb525fcb50e2ce50a4c61cc2bb355
- SHA256
  
  12889fee71ac155701d69f77606a2e37acbbf17c82647c24e66b158fee171427
- SHA512
  
  22d88c73a1152455c39df896a57891fea4200f5fe82919cb8ddc326a504bf8db767df790f3b75de3f468bc62d70ce28921ff6c3549c4df6571a8a70302522a6d
- SSDEEP
  
  3072:XX6iLit3rAJn4a5ZD7tElPBroUryNZEnxVOAj7dqDILP386IZf8065rx+:HfAl+JtEoUAZExQc7MEb08Fo
Score

10^/10

smokeloader up3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderup3backdoortrojan