smokeloader | ee016d52e39688670944b58a33a11545254d3c8f8b6813d59992138738349193 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ee016d52e39688670944b58a33a11545254d3c8f8b6813d59992138738349193
Size

293KB
Sample

231006-pe4r1sdc95
MD5

fd8894c45fade2fa27b964affcb0f293
SHA1

2a72eeffbc496233f9eec7167ff0c74b828c4e20
SHA256

ee016d52e39688670944b58a33a11545254d3c8f8b6813d59992138738349193
SHA512

cc2a3e7279442c595260078563ecfeda37f8a45bbe91b23a9a413d4fd2f8fdfb80ce8fccaea4fac54fcc2675d290a0dba6453f587689b144c95f744c679b81cd
SSDEEP

3072:Gz+UbYSifIDlUSMpqjWutafGXypDsfO8Ozp9fSSd1Tot:8PYpfIOKKgakKDsxO3NTo

Score

10^/10

smokeloader up3 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  ee016d52e39688670944b58a33a11545254d3c8f8b6813d59992138738349193
- Size
  
  293KB
- MD5
  
  fd8894c45fade2fa27b964affcb0f293
- SHA1
  
  2a72eeffbc496233f9eec7167ff0c74b828c4e20
- SHA256
  
  ee016d52e39688670944b58a33a11545254d3c8f8b6813d59992138738349193
- SHA512
  
  cc2a3e7279442c595260078563ecfeda37f8a45bbe91b23a9a413d4fd2f8fdfb80ce8fccaea4fac54fcc2675d290a0dba6453f587689b144c95f744c679b81cd
- SSDEEP
  
  3072:Gz+UbYSifIDlUSMpqjWutafGXypDsfO8Ozp9fSSd1Tot:8PYpfIOKKgakKDsxO3NTo
Score

10^/10

smokeloader up3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderup3backdoortrojan