smokeloader | ed997d5e7bc98f15a2c489877a05b24ef2088316422420e46ad472e96269792f | Triage

Sharing

General

Target

ed997d5e7bc98f15a2c489877a05b24ef2088316422420e46ad472e96269792f
Size

290KB
Sample

230921-ptcxvaaa45
MD5

c7b974e7b3e3701b3c5c8bb0bfc55744
SHA1

4f64aee4a8c7ea6ddaf8fcb9e2800e6579889c43
SHA256

ed997d5e7bc98f15a2c489877a05b24ef2088316422420e46ad472e96269792f
SHA512

9e116c5cdc534ba31771a1152d7f43ef9d01abcc968b96cd62ccd11a8482e77e2b4adb7eae7c9bf98be2677ad8bdf0b4b285cefeb67e87ffefb7d4db7921bf84
SSDEEP

3072:MsXvpDSbEuKgAla/rxaIP6SHF0lkALAgaiAyAM2Mi93GzqUxzg8/ve:1vpSbKLa/NBP3akgiMi93GzqUtg8X

Score

10^/10

smokeloader up3 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  ed997d5e7bc98f15a2c489877a05b24ef2088316422420e46ad472e96269792f
- Size
  
  290KB
- MD5
  
  c7b974e7b3e3701b3c5c8bb0bfc55744
- SHA1
  
  4f64aee4a8c7ea6ddaf8fcb9e2800e6579889c43
- SHA256
  
  ed997d5e7bc98f15a2c489877a05b24ef2088316422420e46ad472e96269792f
- SHA512
  
  9e116c5cdc534ba31771a1152d7f43ef9d01abcc968b96cd62ccd11a8482e77e2b4adb7eae7c9bf98be2677ad8bdf0b4b285cefeb67e87ffefb7d4db7921bf84
- SSDEEP
  
  3072:MsXvpDSbEuKgAla/rxaIP6SHF0lkALAgaiAyAM2Mi93GzqUxzg8/ve:1vpSbKLa/NBP3akgiMi93GzqUtg8X
Score

10^/10

smokeloader up3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderup3backdoortrojan