smokeloader | 9ebc3628cb743003e47d3b3d007c37040801f0f1b0a7fb1830e26272e0f91efd | Triage

Submit
Reports

Overview

overview

Static

static

3

dridex

windows10-2004-x64

Sharing

General

Target

9ebc3628cb743003e47d3b3d007c37040801f0f1b0a7fb1830e26272e0f91efd
Size

295KB
Sample

230922-cd2j2sdh22
MD5

cb7812ea338333093c6d0cf972e341c7
SHA1

f92740f3e60873fc724e6f62a0dc5659b61ba7d6
SHA256

9ebc3628cb743003e47d3b3d007c37040801f0f1b0a7fb1830e26272e0f91efd
SHA512

5fa201338694d33cb310a55603a1ba754d02eed1e21149e8dd257ed76652bdb705261cc7c5be383721c0350b67c522726701a5bbefa1fd26e5f8cf5b7839ee2c
SSDEEP

3072:GRMXS5zSj2L5s+JpkC+RDUMJrGtM/mokg4H+mluo8VeYBBiEg87dB:QISpSeZJpkC+RoMJgMOX8ml6VeYDg8Z

Score

10^/10

smokeloader up4 backdoor persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9ebc3628cb743003e47d3b3d007c37040801f0f1b0a7fb1830e26272e0f91efd.exe

Resource

win10v2004-20230915-en

smokeloader up4 backdoor persistence trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

smokeloader

Botnet

up4

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-file0.com/

http://file-file-file1.com/

rc4.i32

1
0x33f8f0d2

rc4.i32

1
0xaa0488bb

Targets

- Target
  
  9ebc3628cb743003e47d3b3d007c37040801f0f1b0a7fb1830e26272e0f91efd
- Size
  
  295KB
- MD5
  
  cb7812ea338333093c6d0cf972e341c7
- SHA1
  
  f92740f3e60873fc724e6f62a0dc5659b61ba7d6
- SHA256
  
  9ebc3628cb743003e47d3b3d007c37040801f0f1b0a7fb1830e26272e0f91efd
- SHA512
  
  5fa201338694d33cb310a55603a1ba754d02eed1e21149e8dd257ed76652bdb705261cc7c5be383721c0350b67c522726701a5bbefa1fd26e5f8cf5b7839ee2c
- SSDEEP
  
  3072:GRMXS5zSj2L5s+JpkC+RDUMJrGtM/mokg4H+mluo8VeYBBiEg87dB:QISpSeZJpkC+RoMJgMOX8ml6VeYDg8Z
Score

10^/10

smokeloader up4 backdoor persistence trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Modifies Installed Components in the registry
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderup4backdoorpersistencetrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.