smokeloader | 8babe83f93f4409f3234fb14104f061222ec5cc5fd31e5a89e4988733255c450 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8babe83f93f4409f3234fb14104f061222ec5cc5fd31e5a89e4988733255c450
Size

239KB
Sample

230602-jlxdmaah21
MD5

e5ada34070c9c17dd96f91a551b25a7e
SHA1

4d97e462228f3763924d8925c096e31ba1e50eac
SHA256

8babe83f93f4409f3234fb14104f061222ec5cc5fd31e5a89e4988733255c450
SHA512

415766373f22f73bb0ba5fd6bd9babb980b9e5a5f88037298ce01e6c372976273ac5b5386c414aecc9fac2c55609295aa6dcc8353dcfce8f754530bbc1c5400f
SSDEEP

3072:FlRpD304bU+eRGsWzw8WYlrq90xlhqR4XV+lOAD9J6t28SuBty4:XR24bUSjw/YwOlhqm+lOkK2IP

Score

10^/10

smokeloader pub1 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  8babe83f93f4409f3234fb14104f061222ec5cc5fd31e5a89e4988733255c450
- Size
  
  239KB
- MD5
  
  e5ada34070c9c17dd96f91a551b25a7e
- SHA1
  
  4d97e462228f3763924d8925c096e31ba1e50eac
- SHA256
  
  8babe83f93f4409f3234fb14104f061222ec5cc5fd31e5a89e4988733255c450
- SHA512
  
  415766373f22f73bb0ba5fd6bd9babb980b9e5a5f88037298ce01e6c372976273ac5b5386c414aecc9fac2c55609295aa6dcc8353dcfce8f754530bbc1c5400f
- SSDEEP
  
  3072:FlRpD304bU+eRGsWzw8WYlrq90xlhqR4XV+lOAD9J6t28SuBty4:XR24bUSjw/YwOlhqm+lOkK2IP
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan