smokeloader | ac29f15d70b152f3654b02e2614440ac34163661178e2901dcaff46065acf0e5 | Triage

Sharing

General

Target

624c2a77dcb7007979cf123da46497a9c66fe49cd7450f26b6018f45bd756d68.zip
Size

228KB
Sample

230630-pkzegsbh5x
MD5

29f941f6b782de6aafaa884380969a63
SHA1

6905af672d5ae8ae24c1c6a79889fe2ed28b19d2
SHA256

ac29f15d70b152f3654b02e2614440ac34163661178e2901dcaff46065acf0e5
SHA512

fe9fe3d9a03515534d12cd90d318a283633a608deab0dd9e1115ff4b0725a7c069608ed8456ca803caedd52df1464face65a30ea2ecdd1f4cdb36e936829b427
SSDEEP

6144:B6FzJV39BSOxpifkpqqeXTG1zzbYL7e0RifpbGj4QQuD:B6BJV/zCDoAK0yRGsi

Score

10^/10

smokeloader lab backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  624c2a77dcb7007979cf123da46497a9c66fe49cd7450f26b6018f45bd756d68.exe
- Size
  
  366KB
- MD5
  
  b826ede76c8d08563b330b07137ab9ab
- SHA1
  
  b0c5e23043b7a1f8d334f12041246251becc84d5
- SHA256
  
  624c2a77dcb7007979cf123da46497a9c66fe49cd7450f26b6018f45bd756d68
- SHA512
  
  43cf20dbe86c4d26a9bb5cf5a99202815b8155b1bad1e7dcb30f33f569770650ed33e737d656c2e93cdab65ee3ce6e947cd22634d9391b5f0a073375bb35c674
- SSDEEP
  
  6144:PFeLlgkqbNpznQfrkpqq39oxupmL0zSjT:Ps+ksj9oxupmL0
Score

10^/10

smokeloader lab backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoortrojan

behavioral2

smokeloaderlabbackdoortrojan