smokeloader | a59e3dd9bba5e2b4d728c30d080bccb1bc6cf06e5f0e87a86756a704ea395301 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ae67b8092dd84ed6a92e228d7ff78919645e1a0230ece20fc42e5aa9e400279a
Size

147KB
Sample

231004-k2x6jaad4s
MD5

e870745c9145e88ca15e59045cceed34
SHA1

aa90c60eb3f2917fd91a08d4752347e7b6664a83
SHA256

a59e3dd9bba5e2b4d728c30d080bccb1bc6cf06e5f0e87a86756a704ea395301
SHA512

6094fd2519aeb23343216f97de7d37777a7a8af01849312eb388defc7b8fbbee11408dc5e639c3f8a7cd059a1a48b4cf1cbb0378545e1d521ec27f8e9d775d4a
SSDEEP

3072:YePS6U5af51Uy8BwqBFdohRJAbLdHoyp5hyg55lPc2PgDViNX:xPXeaZEwqLdSR0Noyp5PX6iV

Score

10^/10

smokeloader pub1 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  ae67b8092dd84ed6a92e228d7ff78919645e1a0230ece20fc42e5aa9e400279a
- Size
  
  208KB
- MD5
  
  c46887ab47134ced12aa7dd6162afcd7
- SHA1
  
  18a813555804d8dafa1aba70f0348e7f6be97c8b
- SHA256
  
  ae67b8092dd84ed6a92e228d7ff78919645e1a0230ece20fc42e5aa9e400279a
- SHA512
  
  6e4ddae07f0071bdcae473fdcc41577724339ef1e45f655215d4776cceac7a8a6c4a70b14ec5857486672fb01b241e6f5300e972bd2edd11f423411ac97167ab
- SSDEEP
  
  3072:VdMvm64wh76gk+IeIqVqaoS8bwLdHoyp5ebWzTdToS56vt8Ih:W4wZk+IlY5oANoyp5ebWzTdTiv
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan

behavioral2

smokeloaderpub1backdoortrojan