smokeloader | 3d3bb7729e6fe6ca756c891382eda8dd52e3540886dd9ce60a690bde196f242e | Triage

Sharing

General

Target

3d3bb7729e6fe6ca756c891382eda8dd52e3540886dd9ce60a690bde196f242e
Size

164KB
Sample

230714-s5cm1aeh87
MD5

038c4d29d5ed8479c244641f384c561b
SHA1

d442f261d8485810b967626f9333d752f15f0565
SHA256

3d3bb7729e6fe6ca756c891382eda8dd52e3540886dd9ce60a690bde196f242e
SHA512

9bf446c2c6e255de82b6c2b7ee3142527feda2f7008100db003f1fd46f113e1a2c5a3e381e074159eeff56430c24c919ad9d4df20aa8294868d3eb8f0bec2f2a
SSDEEP

3072:NgkLnDzBmmA7gaN1PMgA9jJkdn1kc/5w3Fm:+kLnDNG7X3g+rk5Vm

Score

10^/10

smokeloader pub1 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  3d3bb7729e6fe6ca756c891382eda8dd52e3540886dd9ce60a690bde196f242e
- Size
  
  164KB
- MD5
  
  038c4d29d5ed8479c244641f384c561b
- SHA1
  
  d442f261d8485810b967626f9333d752f15f0565
- SHA256
  
  3d3bb7729e6fe6ca756c891382eda8dd52e3540886dd9ce60a690bde196f242e
- SHA512
  
  9bf446c2c6e255de82b6c2b7ee3142527feda2f7008100db003f1fd46f113e1a2c5a3e381e074159eeff56430c24c919ad9d4df20aa8294868d3eb8f0bec2f2a
- SSDEEP
  
  3072:NgkLnDzBmmA7gaN1PMgA9jJkdn1kc/5w3Fm:+kLnDNG7X3g+rk5Vm
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan