smokeloader | a6ef9d17ec98d77ce64e3e9a439ed970fe2f777086b07e6f11041e0258090642 | Triage

Sharing

General

Target

a6ef9d17ec98d77ce64e3e9a439ed970fe2f777086b07e6f11041e0258090642
Size

219KB
Sample

230930-vjbvpaeb4x
MD5

2629289c44d3d529f3b0e24847e6b3be
SHA1

3b663d337eb0371dad82cecd74719f48b9f9edec
SHA256

a6ef9d17ec98d77ce64e3e9a439ed970fe2f777086b07e6f11041e0258090642
SHA512

76ff1f5567490ec31db1813909f1160f0b1a2896a0f7a4651d6b0a90681ba74a7645759611a4c9c02f320d2bab7cd864c1ffb540c48bf2127087f46b908259f2
SSDEEP

3072:Ab+yxRTPcC9KQ/6XZe4nOLv5G9mHRSrU5B55/2aIYJ:AjcC97g84iR/x++Z2aI

Score

10^/10

smokeloader pub1 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  a6ef9d17ec98d77ce64e3e9a439ed970fe2f777086b07e6f11041e0258090642
- Size
  
  219KB
- MD5
  
  2629289c44d3d529f3b0e24847e6b3be
- SHA1
  
  3b663d337eb0371dad82cecd74719f48b9f9edec
- SHA256
  
  a6ef9d17ec98d77ce64e3e9a439ed970fe2f777086b07e6f11041e0258090642
- SHA512
  
  76ff1f5567490ec31db1813909f1160f0b1a2896a0f7a4651d6b0a90681ba74a7645759611a4c9c02f320d2bab7cd864c1ffb540c48bf2127087f46b908259f2
- SSDEEP
  
  3072:Ab+yxRTPcC9KQ/6XZe4nOLv5G9mHRSrU5B55/2aIYJ:AjcC97g84iR/x++Z2aI
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan