smokeloader | 53db21b2aff17083eeaf5d5988127944ffe4508ddd160cf50ab3d9d942d81160 | Triage

Sharing

General

Target

53db21b2aff17083eeaf5d5988127944ffe4508ddd160cf50ab3d9d942d81160_JC.exe
Size

269KB
Sample

230826-rv2zgaba27
MD5

6a1f3c92dd6011d36b4387e8928db8ed
SHA1

be6ff4483546379bacf88ffe8ca336d39c659527
SHA256

53db21b2aff17083eeaf5d5988127944ffe4508ddd160cf50ab3d9d942d81160
SHA512

77c7fe1b871f8340aabb41b3dd2e964f60da78b5db576dae03c6d0b08bb6f029d2493a8f7daf79a63590273e13f6d5158f8a587d683d04c8201723c10518cd38
SSDEEP

3072:5aMHnEJgeKE2QUqJ/qi7l7afNoleBdUWD0Jfln3j24OQhCLCDcfdU7Qg+t:5fMVK/qJbkfNkqUw+93j24hCLCDwu72

Score

10^/10

smokeloader up3 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  53db21b2aff17083eeaf5d5988127944ffe4508ddd160cf50ab3d9d942d81160_JC.exe
- Size
  
  269KB
- MD5
  
  6a1f3c92dd6011d36b4387e8928db8ed
- SHA1
  
  be6ff4483546379bacf88ffe8ca336d39c659527
- SHA256
  
  53db21b2aff17083eeaf5d5988127944ffe4508ddd160cf50ab3d9d942d81160
- SHA512
  
  77c7fe1b871f8340aabb41b3dd2e964f60da78b5db576dae03c6d0b08bb6f029d2493a8f7daf79a63590273e13f6d5158f8a587d683d04c8201723c10518cd38
- SSDEEP
  
  3072:5aMHnEJgeKE2QUqJ/qi7l7afNoleBdUWD0Jfln3j24OQhCLCDcfdU7Qg+t:5fMVK/qJbkfNkqUw+93j24hCLCDwu72
Score

10^/10

smokeloader up3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

smokeloaderup3backdoortrojan

behavioral2

smokeloaderup3backdoortrojan