smokeloader | 4b4bb0c413b41d8289c56b0c8366f71248ed2120d1e30b757432ce4e8822b0e7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4b4bb0c413b41d8289c56b0c8366f71248ed2120d1e30b757432ce4e8822b0e7
Size

227KB
Sample

231002-wd1gjafa75
MD5

e518ddd4cb7f729b0fb70a74a15a6d8f
SHA1

6e7c46fd42bef00cb444eabc4670ed58eb3dca76
SHA256

4b4bb0c413b41d8289c56b0c8366f71248ed2120d1e30b757432ce4e8822b0e7
SHA512

a7bc2cf2b26906d6c5c588b5e0270bf4d6e038ae693c06c6f6da8509f484a71dbdce7175bf4d3fddf1ef820be508abc51d8afca049c7b7ea4f971ba8a4799773
SSDEEP

3072:Ba7t9yScghjoLUcIrc3o6d8hwCSRdJ2Z5nkrfy6JpvboBM:gy4hsmcK9SRHJ26JpvT

Score

10^/10

smokeloader pub1 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  4b4bb0c413b41d8289c56b0c8366f71248ed2120d1e30b757432ce4e8822b0e7
- Size
  
  227KB
- MD5
  
  e518ddd4cb7f729b0fb70a74a15a6d8f
- SHA1
  
  6e7c46fd42bef00cb444eabc4670ed58eb3dca76
- SHA256
  
  4b4bb0c413b41d8289c56b0c8366f71248ed2120d1e30b757432ce4e8822b0e7
- SHA512
  
  a7bc2cf2b26906d6c5c588b5e0270bf4d6e038ae693c06c6f6da8509f484a71dbdce7175bf4d3fddf1ef820be508abc51d8afca049c7b7ea4f971ba8a4799773
- SSDEEP
  
  3072:Ba7t9yScghjoLUcIrc3o6d8hwCSRdJ2Z5nkrfy6JpvboBM:gy4hsmcK9SRHJ26JpvT
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan