smokeloader | b6ce0375ae4ce3427bb677bcc5adfda35c53cb7adbf8b4ac49f8fad5e745b092 | Triage

Sharing

General

Target

file.exe
Size

297KB
Sample

230607-xyr7bseg82
MD5

b79c954090c0eb0ac0cfe12da96253c3
SHA1

d0755e4b159a9e86a04c7351b2730202b9655a44
SHA256

b6ce0375ae4ce3427bb677bcc5adfda35c53cb7adbf8b4ac49f8fad5e745b092
SHA512

4e00e69936a7802ea253b61acdef63183001bd9176ac5d0f3a151fd555f067e212f073791fa67b7643a5e6904cccf36b5129cf3ea998bd8b66c72fdbc250c487
SSDEEP

6144:M280VAqNDcOLJhmuqYgcl5sMFVkRRSyXn:M2NnhzLfmbYBl5Zi0

Score

10^/10

smokeloader pub1 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  file.exe
- Size
  
  297KB
- MD5
  
  b79c954090c0eb0ac0cfe12da96253c3
- SHA1
  
  d0755e4b159a9e86a04c7351b2730202b9655a44
- SHA256
  
  b6ce0375ae4ce3427bb677bcc5adfda35c53cb7adbf8b4ac49f8fad5e745b092
- SHA512
  
  4e00e69936a7802ea253b61acdef63183001bd9176ac5d0f3a151fd555f067e212f073791fa67b7643a5e6904cccf36b5129cf3ea998bd8b66c72fdbc250c487
- SSDEEP
  
  6144:M280VAqNDcOLJhmuqYgcl5sMFVkRRSyXn:M2NnhzLfmbYBl5Zi0
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan

behavioral2

smokeloaderpub1backdoortrojan