smokeloader | c66a4302144c211faf6042f46e1c0f1b6e7d11ab21a9f60bc010ccaf2854f9db | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c66a4302144c211faf6042f46e1c0f1b6e7d11ab21a9f60bc010ccaf2854f9db
Size

309KB
Sample

231004-eahc4sag65
MD5

a52ee4d122e9bf282e0ca71d7281b5dc
SHA1

e70bee7b9e8c9abdbff7160912ba44d02aaaaede
SHA256

c66a4302144c211faf6042f46e1c0f1b6e7d11ab21a9f60bc010ccaf2854f9db
SHA512

4140dad0e94528c7706780d36e10a6e4778119b3079f6f1161ff9ebb0f86498e0acb007fb6a3a650aba1da07d99e9ca4cf8562cf839450b45a67397473df26cb
SSDEEP

3072:wjh0AQTbCCKPyO3QQWqNuWDbCNhqV5NPpy+CCcoY:s0AQHCxPyO3QeNuWDWMpy0

Score

10^/10

smokeloader up3 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  c66a4302144c211faf6042f46e1c0f1b6e7d11ab21a9f60bc010ccaf2854f9db
- Size
  
  309KB
- MD5
  
  a52ee4d122e9bf282e0ca71d7281b5dc
- SHA1
  
  e70bee7b9e8c9abdbff7160912ba44d02aaaaede
- SHA256
  
  c66a4302144c211faf6042f46e1c0f1b6e7d11ab21a9f60bc010ccaf2854f9db
- SHA512
  
  4140dad0e94528c7706780d36e10a6e4778119b3079f6f1161ff9ebb0f86498e0acb007fb6a3a650aba1da07d99e9ca4cf8562cf839450b45a67397473df26cb
- SSDEEP
  
  3072:wjh0AQTbCCKPyO3QQWqNuWDbCNhqV5NPpy+CCcoY:s0AQHCxPyO3QeNuWDWMpy0
Score

10^/10

smokeloader up3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderup3backdoortrojan

behavioral2

smokeloaderup3backdoortrojan