smokeloader | c7a34d32026cdbad9de040d642e2cc35f185e093ffcacc3ced6819a8b9ec5278 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c7a34d32026cdbad9de040d642e2cc35f185e093ffcacc3ced6819a8b9ec5278
Size

249KB
Sample

230717-qe7pcaca88
MD5

37e57819fee269e39d0c182dd4693da9
SHA1

7be73d3c38fd5d551212154a3944b6e15be8f96f
SHA256

c7a34d32026cdbad9de040d642e2cc35f185e093ffcacc3ced6819a8b9ec5278
SHA512

d254bc36d6c56325e2188f967e79db36d0ab9468ce6ec9e2b66ecc2f02960dbe2981898c8d2abefdec7b18b41ba8535d0a7625cfc3f2a47f0d940086fa8f6412
SSDEEP

3072:7SpKtcVvVcmClRFzWtYHe2rv4kMhd39v6x1k66kjpDW8KL:7HcJKJDgld4Xko

Score

10^/10

smokeloader pub1 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  c7a34d32026cdbad9de040d642e2cc35f185e093ffcacc3ced6819a8b9ec5278
- Size
  
  249KB
- MD5
  
  37e57819fee269e39d0c182dd4693da9
- SHA1
  
  7be73d3c38fd5d551212154a3944b6e15be8f96f
- SHA256
  
  c7a34d32026cdbad9de040d642e2cc35f185e093ffcacc3ced6819a8b9ec5278
- SHA512
  
  d254bc36d6c56325e2188f967e79db36d0ab9468ce6ec9e2b66ecc2f02960dbe2981898c8d2abefdec7b18b41ba8535d0a7625cfc3f2a47f0d940086fa8f6412
- SSDEEP
  
  3072:7SpKtcVvVcmClRFzWtYHe2rv4kMhd39v6x1k66kjpDW8KL:7HcJKJDgld4Xko
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan