smokeloader | 577eafd6443de67e4e9ea1c3d8ee9845139cb15f204e10fc779f74e71f33b804 | Triage

Sharing

General

Target

577eafd6443de67e4e9ea1c3d8ee9845139cb15f204e10fc779f74e71f33b804
Size

316KB
Sample

230718-vq1sdsdd9v
MD5

7bc2c0fa031433648a2b770422f0b77c
SHA1

aae47199d16495f21470dd9e80cc0c58f2f6e2d8
SHA256

577eafd6443de67e4e9ea1c3d8ee9845139cb15f204e10fc779f74e71f33b804
SHA512

176dddaf02b941afbe5477e5e61d3c3dc784c15299be1941474aff3336ce1787ff95fcfdb7e86b4e2a64eec614e39027b8153f9780c67c68f76cf06cd59a21a6
SSDEEP

3072:qYp/9g7Lz2nehtfRNGeN1Cur1kA3ZU0B4NJK5SGZSGFBY:FGLzbfGKn1kAi02TtKSs

Score

10^/10

smokeloader pub1 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  577eafd6443de67e4e9ea1c3d8ee9845139cb15f204e10fc779f74e71f33b804
- Size
  
  316KB
- MD5
  
  7bc2c0fa031433648a2b770422f0b77c
- SHA1
  
  aae47199d16495f21470dd9e80cc0c58f2f6e2d8
- SHA256
  
  577eafd6443de67e4e9ea1c3d8ee9845139cb15f204e10fc779f74e71f33b804
- SHA512
  
  176dddaf02b941afbe5477e5e61d3c3dc784c15299be1941474aff3336ce1787ff95fcfdb7e86b4e2a64eec614e39027b8153f9780c67c68f76cf06cd59a21a6
- SSDEEP
  
  3072:qYp/9g7Lz2nehtfRNGeN1Cur1kA3ZU0B4NJK5SGZSGFBY:FGLzbfGKn1kAi02TtKSs
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan