smokeloader | 73b174c6316230888f3cef2a93ac3f4ba3d35897fa82181cd83beceda6fa7606 | Triage

Sharing

General

Target

73b174c6316230888f3cef2a93ac3f4ba3d35897fa82181cd83beceda6fa7606
Size

248KB
Sample

230720-d6sy2sda9x
MD5

932d72dbb9e47863813fde96f1b80bcc
SHA1

f945ba7966a0fa0f006850b76252c8bc8e13d83e
SHA256

73b174c6316230888f3cef2a93ac3f4ba3d35897fa82181cd83beceda6fa7606
SHA512

150b8fc8ba92d008dd80d1328947dec6fb7df09d02eac43e84bd66f0b4f5035d094838ac8f73cdae33ddb7d9a87b9336bef8d3499842ca71e68f60daf0df5dd6
SSDEEP

3072:t6dPRwnF4nmpagIKt+H11uEld44gNW6o25q0vMQU5:tI5wnF4nmpeKt8uqvgNW6oQq0

Score

10^/10

smokeloader up3 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  73b174c6316230888f3cef2a93ac3f4ba3d35897fa82181cd83beceda6fa7606
- Size
  
  248KB
- MD5
  
  932d72dbb9e47863813fde96f1b80bcc
- SHA1
  
  f945ba7966a0fa0f006850b76252c8bc8e13d83e
- SHA256
  
  73b174c6316230888f3cef2a93ac3f4ba3d35897fa82181cd83beceda6fa7606
- SHA512
  
  150b8fc8ba92d008dd80d1328947dec6fb7df09d02eac43e84bd66f0b4f5035d094838ac8f73cdae33ddb7d9a87b9336bef8d3499842ca71e68f60daf0df5dd6
- SSDEEP
  
  3072:t6dPRwnF4nmpagIKt+H11uEld44gNW6o25q0vMQU5:tI5wnF4nmpeKt8uqvgNW6oQq0
Score

10^/10

smokeloader up3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderup3backdoortrojan

behavioral2

smokeloaderup3backdoortrojan