smokeloader | d8bdb32cb558ab6bfac8f7b3525475297e90779b55e437222ccd77ff15b8b8ce | Triage

Sharing

General

Target

d8bdb32cb558ab6bfac8f7b3525475297e90779b55e437222ccd77ff15b8b8ce
Size

305KB
Sample

230805-er6f9sgh91
MD5

c84ded775d454fc674c6385a58a8112d
SHA1

ce5e15cbeb241bcb62780824df8889e8d0386d35
SHA256

d8bdb32cb558ab6bfac8f7b3525475297e90779b55e437222ccd77ff15b8b8ce
SHA512

70840e026b2f5add74dede5000b8c9eaca4e5092046c324329bac8c83819b5f4e29d7ecaea9fcac5e21f6d5178e89149cc4c16d3d3f058d7d68c98afa1222336
SSDEEP

3072:h1PbkQZ5uZhLib8HmWxo0kSDAZW5bFERbdTJkmGTj3YD5G:/bk5Msm+kScM5RmbdTemGv3Y

Score

10^/10

smokeloader up3 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  d8bdb32cb558ab6bfac8f7b3525475297e90779b55e437222ccd77ff15b8b8ce
- Size
  
  305KB
- MD5
  
  c84ded775d454fc674c6385a58a8112d
- SHA1
  
  ce5e15cbeb241bcb62780824df8889e8d0386d35
- SHA256
  
  d8bdb32cb558ab6bfac8f7b3525475297e90779b55e437222ccd77ff15b8b8ce
- SHA512
  
  70840e026b2f5add74dede5000b8c9eaca4e5092046c324329bac8c83819b5f4e29d7ecaea9fcac5e21f6d5178e89149cc4c16d3d3f058d7d68c98afa1222336
- SSDEEP
  
  3072:h1PbkQZ5uZhLib8HmWxo0kSDAZW5bFERbdTJkmGTj3YD5G:/bk5Msm+kScM5RmbdTemGv3Y
Score

10^/10

smokeloader up3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

smokeloaderup3backdoortrojan

behavioral2

smokeloaderup3backdoortrojan