smokeloader | 0f42bdcaf9191520c94749f21bcc92f4bf7f65c449a120220aefeccf7738ea54 | Triage

Sharing

General

Target

0f42bdcaf9191520c94749f21bcc92f4bf7f65c449a120220aefeccf7738ea54
Size

276KB
Sample

230823-j321faag37
MD5

6c324b52aa92f7f9465382e57a3f665c
SHA1

9f92331ad69fca7b7584039e955ba61f6c102112
SHA256

0f42bdcaf9191520c94749f21bcc92f4bf7f65c449a120220aefeccf7738ea54
SHA512

4a29e4c18d89ba2f62c5c7ff8d99d11833073fd1fc09c0b3196724ac3a36d00c71a468f98a214afaa65b600a8a3ba978f0af1c4bfb07025221c2717ffafa7d6f
SSDEEP

3072:+Xj0HnOsIQLRoJkBmxfi9or3zOhNXEv8aHNSA5SfW5/z/S:GmIQLuKBmx6Or3zOMJSA5uUzq

Score

10^/10

smokeloader pub1 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  0f42bdcaf9191520c94749f21bcc92f4bf7f65c449a120220aefeccf7738ea54
- Size
  
  276KB
- MD5
  
  6c324b52aa92f7f9465382e57a3f665c
- SHA1
  
  9f92331ad69fca7b7584039e955ba61f6c102112
- SHA256
  
  0f42bdcaf9191520c94749f21bcc92f4bf7f65c449a120220aefeccf7738ea54
- SHA512
  
  4a29e4c18d89ba2f62c5c7ff8d99d11833073fd1fc09c0b3196724ac3a36d00c71a468f98a214afaa65b600a8a3ba978f0af1c4bfb07025221c2717ffafa7d6f
- SSDEEP
  
  3072:+Xj0HnOsIQLRoJkBmxfi9or3zOhNXEv8aHNSA5SfW5/z/S:GmIQLuKBmx6Or3zOMJSA5uUzq
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan