smokeloader | 60e8eef70c565ec2abbe7d16157a0edc4f8dbf8938363680ac6362620114c436 | Triage

Sharing

General

Target

toolspub2.exe
Size

271KB
Sample

230825-f1wh4ahd26
MD5

222a4c7e494a2314e9e1d0a07abecee9
SHA1

dd8f2552f2fa5256fac01a51fa2c383759e84f8e
SHA256

60e8eef70c565ec2abbe7d16157a0edc4f8dbf8938363680ac6362620114c436
SHA512

fd419aa596c7f91f7cfbde0a1cb6a6801ebe684c9966b53d2e8541f7f6b0763427c251f371ba3d252acfe6ab2dc0c611273af8ca14d3ad738e3ca98b30d18d11
SSDEEP

3072:KS9AVA4WD+XiRE4KZ9f/KKosNgOe8R2fnedNvtKts+tiPJA88i3Ml7Z1DWGLM:K5NX3446KOOeZStKts1PDZSF1DWGL

Score

10^/10

smokeloader up3 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  toolspub2.exe
- Size
  
  271KB
- MD5
  
  222a4c7e494a2314e9e1d0a07abecee9
- SHA1
  
  dd8f2552f2fa5256fac01a51fa2c383759e84f8e
- SHA256
  
  60e8eef70c565ec2abbe7d16157a0edc4f8dbf8938363680ac6362620114c436
- SHA512
  
  fd419aa596c7f91f7cfbde0a1cb6a6801ebe684c9966b53d2e8541f7f6b0763427c251f371ba3d252acfe6ab2dc0c611273af8ca14d3ad738e3ca98b30d18d11
- SSDEEP
  
  3072:KS9AVA4WD+XiRE4KZ9f/KKosNgOe8R2fnedNvtKts+tiPJA88i3Ml7Z1DWGLM:K5NX3446KOOeZStKts1PDZSF1DWGL
Score

10^/10

smokeloader up3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

smokeloaderup3backdoortrojan

behavioral2

smokeloaderup3backdoortrojan