smokeloader | 5bfb4d5396885afd7f961ea33a3f3915161f45c4c74224a96fea4aec1d9966e0 | Triage

Sharing

General

Target

5bfb4d5396885afd7f961ea33a3f3915161f45c4c74224a96fea4aec1d9966e0
Size

228KB
Sample

230710-eswcpagf42
MD5

003c599d2e92f035f59581d97f8bb8dd
SHA1

912c3e1992213457df342cc7526ffbadd0e88300
SHA256

5bfb4d5396885afd7f961ea33a3f3915161f45c4c74224a96fea4aec1d9966e0
SHA512

88a83b40f66825a1c4330b13e145fdd387bbabd3259bb8e3b608c01b9d48723ec4b6cc98b03b0f2bc1f4eff40740e415c42e7fc4ee195609433cb90432f934e0
SSDEEP

6144:kKZzO1/CJrWIICNg3tGld7CJHBtqquGv:w1abNmSd7Cqyv

Score

10^/10

smokeloader pub1 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  5bfb4d5396885afd7f961ea33a3f3915161f45c4c74224a96fea4aec1d9966e0
- Size
  
  228KB
- MD5
  
  003c599d2e92f035f59581d97f8bb8dd
- SHA1
  
  912c3e1992213457df342cc7526ffbadd0e88300
- SHA256
  
  5bfb4d5396885afd7f961ea33a3f3915161f45c4c74224a96fea4aec1d9966e0
- SHA512
  
  88a83b40f66825a1c4330b13e145fdd387bbabd3259bb8e3b608c01b9d48723ec4b6cc98b03b0f2bc1f4eff40740e415c42e7fc4ee195609433cb90432f934e0
- SSDEEP
  
  6144:kKZzO1/CJrWIICNg3tGld7CJHBtqquGv:w1abNmSd7Cqyv
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan

behavioral2

smokeloaderpub1backdoortrojan