smokeloader | 4acd3dfbdcedfe49f4d95a35592fa167333900f13e468d23128c4f787be713f0 | Triage

Sharing

General

Target

4acd3dfbdcedfe49f4d95a35592fa167333900f13e468d23128c4f787be713f0
Size

245KB
Sample

230903-1vmdfscf55
MD5

3f8f5fca4372c7d1889b1294f78e2394
SHA1

21be72a7010b456c64444d247ef43c0f0616db72
SHA256

4acd3dfbdcedfe49f4d95a35592fa167333900f13e468d23128c4f787be713f0
SHA512

99f8adcc9cd5cb3588e3b1457bc6cecef9764a9bbd4d27e53436f0b774e31df45227b11ffb3c38a7040d804e407cc3bbe6231b0acae4e8b2089001079feae3d2
SSDEEP

3072:g6tgzPSutyNF/OjsOYDexBHWsKNZi8zz4nwTOan87d:0RyesOlBHZOZi8zzawTBn8J

Score

10^/10

smokeloader pub1 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  4acd3dfbdcedfe49f4d95a35592fa167333900f13e468d23128c4f787be713f0
- Size
  
  245KB
- MD5
  
  3f8f5fca4372c7d1889b1294f78e2394
- SHA1
  
  21be72a7010b456c64444d247ef43c0f0616db72
- SHA256
  
  4acd3dfbdcedfe49f4d95a35592fa167333900f13e468d23128c4f787be713f0
- SHA512
  
  99f8adcc9cd5cb3588e3b1457bc6cecef9764a9bbd4d27e53436f0b774e31df45227b11ffb3c38a7040d804e407cc3bbe6231b0acae4e8b2089001079feae3d2
- SSDEEP
  
  3072:g6tgzPSutyNF/OjsOYDexBHWsKNZi8zz4nwTOan87d:0RyesOlBHZOZi8zzawTBn8J
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan

behavioral2

smokeloaderpub1backdoortrojan