smokeloader | 2960fc5dd7b17eac10fbae1227de83a688167617d69a1ce1b1a1a22b76e4800d | Triage

Sharing

General

Target

2960fc5dd7b17eac10fbae1227de83a688167617d69a1ce1b1a1a22b76e4800d
Size

253KB
Sample

230722-zp85lace6v
MD5

2ff6fd53ddfca4f99be58c9928e11778
SHA1

884c99ad019dba2e1405a8e14531025caa9d32d9
SHA256

2960fc5dd7b17eac10fbae1227de83a688167617d69a1ce1b1a1a22b76e4800d
SHA512

238b034ea6ef1c3cef3d6a2b034c86dd1f666720627adec4f08a1a87229d17f7f22d4359decab191329fdb96a7f0ed18de1dc3825a04b7670396895f7c2ebc04
SSDEEP

3072:yTX3d7kotmvbYkV4jszQzAURX2cqyMKVCiYudp9wDhI:Ktootmvba4zeAuqydbYg

Score

10^/10

smokeloader pub1 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  2960fc5dd7b17eac10fbae1227de83a688167617d69a1ce1b1a1a22b76e4800d
- Size
  
  253KB
- MD5
  
  2ff6fd53ddfca4f99be58c9928e11778
- SHA1
  
  884c99ad019dba2e1405a8e14531025caa9d32d9
- SHA256
  
  2960fc5dd7b17eac10fbae1227de83a688167617d69a1ce1b1a1a22b76e4800d
- SHA512
  
  238b034ea6ef1c3cef3d6a2b034c86dd1f666720627adec4f08a1a87229d17f7f22d4359decab191329fdb96a7f0ed18de1dc3825a04b7670396895f7c2ebc04
- SSDEEP
  
  3072:yTX3d7kotmvbYkV4jszQzAURX2cqyMKVCiYudp9wDhI:Ktootmvba4zeAuqydbYg
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan