smokeloader | 2e229f0a4035b58e6c24c519e93f56a9aad7af92405c8604e5e8cb1d23174f43 | Triage

Sharing

General

Target

2e229f0a4035b58e6c24c519e93f56a9aad7af92405c8604e5e8cb1d23174f43
Size

205KB
Sample

230608-e5geasca73
MD5

3a66a27b79651f7c45a136a08a44a571
SHA1

2c5ef7ea40a7f24c559818e25a166cacb9b0c6fa
SHA256

2e229f0a4035b58e6c24c519e93f56a9aad7af92405c8604e5e8cb1d23174f43
SHA512

26478e3bace13460bc2ef257eb9032c6c6f21f015b14e9c698c52f7208b9edf8c70edfaaebe08671dc675862df6a29238e14636a27e2ee06523453c6208da5d6
SSDEEP

3072:VVsJbQ1aKw4eML540EeACDTF8K7BlXk1OahFdkogWTKb0IjMa09irQn+:+c1aXQ40Wgx80w/aV4a0Gz

Score

10^/10

smokeloader up3 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  2e229f0a4035b58e6c24c519e93f56a9aad7af92405c8604e5e8cb1d23174f43
- Size
  
  205KB
- MD5
  
  3a66a27b79651f7c45a136a08a44a571
- SHA1
  
  2c5ef7ea40a7f24c559818e25a166cacb9b0c6fa
- SHA256
  
  2e229f0a4035b58e6c24c519e93f56a9aad7af92405c8604e5e8cb1d23174f43
- SHA512
  
  26478e3bace13460bc2ef257eb9032c6c6f21f015b14e9c698c52f7208b9edf8c70edfaaebe08671dc675862df6a29238e14636a27e2ee06523453c6208da5d6
- SSDEEP
  
  3072:VVsJbQ1aKw4eML540EeACDTF8K7BlXk1OahFdkogWTKb0IjMa09irQn+:+c1aXQ40Wgx80w/aV4a0Gz
Score

10^/10

smokeloader up3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderup3backdoortrojan

behavioral2

smokeloaderup3backdoortrojan