smokeloader | fe7b46b148b6249ee4c53a8f9f3e54780b2151ede8c16d6c7886801086efed88 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fe7b46b148b6249ee4c53a8f9f3e54780b2151ede8c16d6c7886801086efed88
Size

263KB
Sample

230828-3f1nmsbf9v
MD5

5beaf6b0ffd3bd3483e36764da35f31e
SHA1

5bee586245299b5a52a5c97f9c5f61e3bffed38f
SHA256

fe7b46b148b6249ee4c53a8f9f3e54780b2151ede8c16d6c7886801086efed88
SHA512

828b5fdfe32f44e36505b1919532a80b3ca562baad8f8927c4e08d3feed4f9bba8c2c564df4ae8e92a278eedd1dd2f2d0d9f8f4642895ec01424ffbdc63a85e1
SSDEEP

3072:hdaSpH7fL2DfofNOUc8J6LJ+Hz5QOhcXsBsxv48D5n9fZ4Ecz9IiUjgiM:tpOYNOU9J6LJmlvBd8l9fZB0I+

Score

10^/10

smokeloader pub1 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  fe7b46b148b6249ee4c53a8f9f3e54780b2151ede8c16d6c7886801086efed88
- Size
  
  263KB
- MD5
  
  5beaf6b0ffd3bd3483e36764da35f31e
- SHA1
  
  5bee586245299b5a52a5c97f9c5f61e3bffed38f
- SHA256
  
  fe7b46b148b6249ee4c53a8f9f3e54780b2151ede8c16d6c7886801086efed88
- SHA512
  
  828b5fdfe32f44e36505b1919532a80b3ca562baad8f8927c4e08d3feed4f9bba8c2c564df4ae8e92a278eedd1dd2f2d0d9f8f4642895ec01424ffbdc63a85e1
- SSDEEP
  
  3072:hdaSpH7fL2DfofNOUc8J6LJ+Hz5QOhcXsBsxv48D5n9fZ4Ecz9IiUjgiM:tpOYNOU9J6LJmlvBd8l9fZB0I+
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan