smokeloader | 76d53f3883e30802c2411a12e3ff46dfccac84c1e83c630fcf37236e585f883c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

76d53f3883e30802c2411a12e.exe
Size

233KB
Sample

230709-thmecseh3x
MD5

98e71a0d9b3d1c9c2e75f248129174bd
SHA1

1ce86ee6f5f3dc7fc475a713f08df849f01705ac
SHA256

76d53f3883e30802c2411a12e3ff46dfccac84c1e83c630fcf37236e585f883c
SHA512

82b2e6a9526c20701f01efe2644eb56f0e2c157114c5ee257787cd384faa01ee06afbb793fd0e5d204e35f10a1381acab943d2f65970680b8845c936cd66bd23
SSDEEP

3072:KG4Iaf3ETBK3cxDLUKuFz2P0E5Q7p87vD7TBrq/4:gjEECoKuh2MUQ7+

Score

10^/10

smokeloader pub1 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  76d53f3883e30802c2411a12e.exe
- Size
  
  233KB
- MD5
  
  98e71a0d9b3d1c9c2e75f248129174bd
- SHA1
  
  1ce86ee6f5f3dc7fc475a713f08df849f01705ac
- SHA256
  
  76d53f3883e30802c2411a12e3ff46dfccac84c1e83c630fcf37236e585f883c
- SHA512
  
  82b2e6a9526c20701f01efe2644eb56f0e2c157114c5ee257787cd384faa01ee06afbb793fd0e5d204e35f10a1381acab943d2f65970680b8845c936cd66bd23
- SSDEEP
  
  3072:KG4Iaf3ETBK3cxDLUKuFz2P0E5Q7p87vD7TBrq/4:gjEECoKuh2MUQ7+
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan

behavioral2

smokeloaderpub1backdoortrojan