smokeloader | 9ebc3628cb743003e47d3b3d007c37040801f0f1b0a7fb1830e26272e0f91efd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9ebc3628cb743003e47d3b3d007c37040801f0f1b0a7fb1830e26272e0f91efd
Size

295KB
Sample

230922-cd2j2sdh22
MD5

cb7812ea338333093c6d0cf972e341c7
SHA1

f92740f3e60873fc724e6f62a0dc5659b61ba7d6
SHA256

9ebc3628cb743003e47d3b3d007c37040801f0f1b0a7fb1830e26272e0f91efd
SHA512

5fa201338694d33cb310a55603a1ba754d02eed1e21149e8dd257ed76652bdb705261cc7c5be383721c0350b67c522726701a5bbefa1fd26e5f8cf5b7839ee2c
SSDEEP

3072:GRMXS5zSj2L5s+JpkC+RDUMJrGtM/mokg4H+mluo8VeYBBiEg87dB:QISpSeZJpkC+RoMJgMOX8ml6VeYDg8Z

Score

10^/10

smokeloader up4 backdoor persistence trojan

Malware Config

Extracted

Family

smokeloader

Botnet

up4

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-file0.com/

http://file-file-file1.com/

rc4.i32

rc4.i32

Targets

- Target
  
  9ebc3628cb743003e47d3b3d007c37040801f0f1b0a7fb1830e26272e0f91efd
- Size
  
  295KB
- MD5
  
  cb7812ea338333093c6d0cf972e341c7
- SHA1
  
  f92740f3e60873fc724e6f62a0dc5659b61ba7d6
- SHA256
  
  9ebc3628cb743003e47d3b3d007c37040801f0f1b0a7fb1830e26272e0f91efd
- SHA512
  
  5fa201338694d33cb310a55603a1ba754d02eed1e21149e8dd257ed76652bdb705261cc7c5be383721c0350b67c522726701a5bbefa1fd26e5f8cf5b7839ee2c
- SSDEEP
  
  3072:GRMXS5zSj2L5s+JpkC+RDUMJrGtM/mokg4H+mluo8VeYBBiEg87dB:QISpSeZJpkC+RoMJgMOX8ml6VeYDg8Z
Score

10^/10

smokeloader up4 backdoor persistence trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Modifies Installed Components in the registry
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderup4backdoorpersistencetrojan