smokeloader | 931d05ea59f0f22fedce87afe0e53b7c81e72d4375d8273f78199509eb47872a | Triage

Sharing

General

Target

931d05ea59f0f22fedce87afe0e53b7c81e72d4375d8273f78199509eb47872a
Size

216KB
Sample

230821-ebb8gsaf55
MD5

30d35fdeffca7c09516a4dc81b28bd2a
SHA1

f9214fed0e0ff84289418fb1df55f2ccdd7b3373
SHA256

931d05ea59f0f22fedce87afe0e53b7c81e72d4375d8273f78199509eb47872a
SHA512

770fcd37fa937dcadc93808fb4419591941b68e5097e044fb207a8da9822ad3cc534c680998b625d3ce3166b9edb6890d16d966dcf20fb299ab371889a7e0370
SSDEEP

3072:4DaaPugLWW94WKnIzjjpeM8PIiKRydNtjr+Ac:zgLv4tIHjpeM8uEjr+

Score

10^/10

smokeloader pub1 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  931d05ea59f0f22fedce87afe0e53b7c81e72d4375d8273f78199509eb47872a
- Size
  
  216KB
- MD5
  
  30d35fdeffca7c09516a4dc81b28bd2a
- SHA1
  
  f9214fed0e0ff84289418fb1df55f2ccdd7b3373
- SHA256
  
  931d05ea59f0f22fedce87afe0e53b7c81e72d4375d8273f78199509eb47872a
- SHA512
  
  770fcd37fa937dcadc93808fb4419591941b68e5097e044fb207a8da9822ad3cc534c680998b625d3ce3166b9edb6890d16d966dcf20fb299ab371889a7e0370
- SSDEEP
  
  3072:4DaaPugLWW94WKnIzjjpeM8PIiKRydNtjr+Ac:zgLv4tIHjpeM8uEjr+
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan

behavioral2

smokeloaderpub1backdoortrojan