smokeloader | 2f3be384c4e951d1599cf06ef4e6bbf2e5d4335a1f251b6dd576c0669ef266af | Triage

Sharing

General

Target

2f3be384c4e951d1599cf06ef.exe
Size

233KB
Sample

230709-r99mvsdd74
MD5

9defc0b6fdc6fc445e9d93b1d191ec59
SHA1

60e85790189d4b4b066672e35eae7c1e2ec0dfa4
SHA256

2f3be384c4e951d1599cf06ef4e6bbf2e5d4335a1f251b6dd576c0669ef266af
SHA512

4146667d54663f04ac0b3def982e01f4452ed48d96ab8734c9cffe9f282c5689ce98c09463d60e5d1b5035332f02f688f1013d6c9c43563ebeb4b067d0d37aad
SSDEEP

3072:OV4IglKhU2/dDGHfDH/NW3NwxuINxtIx/4:1rK+2pggNwvx

Score

10^/10

smokeloader pub1 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  2f3be384c4e951d1599cf06ef.exe
- Size
  
  233KB
- MD5
  
  9defc0b6fdc6fc445e9d93b1d191ec59
- SHA1
  
  60e85790189d4b4b066672e35eae7c1e2ec0dfa4
- SHA256
  
  2f3be384c4e951d1599cf06ef4e6bbf2e5d4335a1f251b6dd576c0669ef266af
- SHA512
  
  4146667d54663f04ac0b3def982e01f4452ed48d96ab8734c9cffe9f282c5689ce98c09463d60e5d1b5035332f02f688f1013d6c9c43563ebeb4b067d0d37aad
- SSDEEP
  
  3072:OV4IglKhU2/dDGHfDH/NW3NwxuINxtIx/4:1rK+2pggNwvx
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan

behavioral2

smokeloaderpub1backdoortrojan