smokeloader | d44c47a9cb72af202badf11aac5ec0b3a23f68dac3be5e45839a055f036a013d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b69d985f553f56a90ea6f1f0411762bc.bin
Size

122KB
Sample

230918-c2k7zaed51
MD5

bc6bed9ac3c3066544a768860c4599f1
SHA1

3dbc8585807837801cd0e93468244bbc7196fdde
SHA256

d44c47a9cb72af202badf11aac5ec0b3a23f68dac3be5e45839a055f036a013d
SHA512

a78c96a78a6ad139a24c8071a86a73bc77d424d276840e4f37636a346a4a77c4848a5d3d6f65b5e84908bccfbc30f01ba760a3d73104f19dc7020980b94fc24d
SSDEEP

3072:hCJWhHATw+zlUil+NVmmvYEEp2qRnLBxzuouBm2aMa+s5L:9GzlUiMNVmmgEq2q4anL

Score

10^/10

smokeloader up3 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  1ae04fa07154cef3ce6fd3d7d00f8fe13b897107a328cfa516c9f26cf7c22b59.exe
- Size
  
  277KB
- MD5
  
  b69d985f553f56a90ea6f1f0411762bc
- SHA1
  
  dcd535a836d56cbde0e0efaaeef2e450806429a9
- SHA256
  
  1ae04fa07154cef3ce6fd3d7d00f8fe13b897107a328cfa516c9f26cf7c22b59
- SHA512
  
  f3ed1ca67d7a028af342c6c43b4cf510062d355d87c70b2e4873753be71340798c82a83a364ea847fe55550f4dcf1dca8cd573219a3296f5f6b8f7c659d358dd
- SSDEEP
  
  3072:mUHp3UPrWp8GCSV0pdmp02MDJivyghDNczW:rJkPrWSdSVh02hNi
Score

10^/10

smokeloader up3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderup3backdoortrojan

behavioral2

smokeloaderup3backdoortrojan