smokeloader | 14a24777db103b832845a5c7656465681d5346c060b1f4a022fc480b523b33ea | Triage

Sharing

General

Target

14a24777db103b832845a5c7656465681d5346c060b1f4a022fc480b523b33ea
Size

186KB
Sample

230922-tcszysha9s
MD5

5eee45e3c739d3bce86a6ddf073b9428
SHA1

481c30e04e7f22fade18bdc9cc55496c2d7be09e
SHA256

14a24777db103b832845a5c7656465681d5346c060b1f4a022fc480b523b33ea
SHA512

750b50236793e31757374b43e6117dc5775877d514628584fe728b70493ce0902573bc6bc6ab495c630ee1b715564a7148cdabc5a663b39d30befef04bc94105
SSDEEP

3072:XrDEyFMngWn4fx3tSbIG7O4pQH2rLlgEyHhR51QA6umlz:XUyFMngYI2kEO42WrxgPQATm

Score

10^/10

smokeloader up4 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

up4

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-file0.com/

http://file-file-file1.com/

rc4.i32

rc4.i32

Targets

- Target
  
  14a24777db103b832845a5c7656465681d5346c060b1f4a022fc480b523b33ea
- Size
  
  186KB
- MD5
  
  5eee45e3c739d3bce86a6ddf073b9428
- SHA1
  
  481c30e04e7f22fade18bdc9cc55496c2d7be09e
- SHA256
  
  14a24777db103b832845a5c7656465681d5346c060b1f4a022fc480b523b33ea
- SHA512
  
  750b50236793e31757374b43e6117dc5775877d514628584fe728b70493ce0902573bc6bc6ab495c630ee1b715564a7148cdabc5a663b39d30befef04bc94105
- SSDEEP
  
  3072:XrDEyFMngWn4fx3tSbIG7O4pQH2rLlgEyHhR51QA6umlz:XUyFMngYI2kEO42WrxgPQATm
Score

10^/10

smokeloader up4 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderup4backdoortrojan