smokeloader | 46290826a29b36047e70361703ec92cd6ebd9bdf0a38e4baa05be965762a5fc0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

46290826a29b36047e70361703ec92cd6ebd9bdf0a38e4baa05be965762a5fc0
Size

316KB
Sample

230718-tam1xscf6s
MD5

29d250a856c2b4720233833e43f72bc7
SHA1

94936746ce8a540c62b4a65c8b963e79f033b148
SHA256

46290826a29b36047e70361703ec92cd6ebd9bdf0a38e4baa05be965762a5fc0
SHA512

5421dafd8607ddc5f108e0d98c7867045cc4c80a7beb9cdec98278c00267daea5c1bdcde3e5a2826203e20178300b46d42762b9f07f36479274ec419281380e3
SSDEEP

3072:mEp0x9/zLUCVlXJLgLCCLyf6i3dBbS1+88W9t5y8GFBYT:xOLUCX5j2qr+Q899S8s

Score

10^/10

smokeloader pub1 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  46290826a29b36047e70361703ec92cd6ebd9bdf0a38e4baa05be965762a5fc0
- Size
  
  316KB
- MD5
  
  29d250a856c2b4720233833e43f72bc7
- SHA1
  
  94936746ce8a540c62b4a65c8b963e79f033b148
- SHA256
  
  46290826a29b36047e70361703ec92cd6ebd9bdf0a38e4baa05be965762a5fc0
- SHA512
  
  5421dafd8607ddc5f108e0d98c7867045cc4c80a7beb9cdec98278c00267daea5c1bdcde3e5a2826203e20178300b46d42762b9f07f36479274ec419281380e3
- SSDEEP
  
  3072:mEp0x9/zLUCVlXJLgLCCLyf6i3dBbS1+88W9t5y8GFBYT:xOLUCX5j2qr+Q899S8s
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan