smokeloader | c7c4172738b86422159a6c80931b45e7f788364be996a1f657ed3a570d429592 | Triage

Sharing

General

Target

c7c4172738b86422159a6c80931b45e7f788364be996a1f657ed3a570d429592
Size

292KB
Sample

231006-q7ybdacc8s
MD5

9d8d5955c120589d126c6f0ad26f2506
SHA1

521ca7d3977a9c99da92532722f66d7b09940e64
SHA256

c7c4172738b86422159a6c80931b45e7f788364be996a1f657ed3a570d429592
SHA512

0f173547f28d89b4a4cc76b2b553f27d3575ad3349728d889e28700d66aa4b2768e1721779428a5014eeab32de63e48595ccf56ed2c25fe79ed13dc43826f701
SSDEEP

3072:0IilkRV6NlFw8Z033RyTUWetNxChncpRLoGqk5EU:9HRMfw8w3MUNoGBE

Score

10^/10

smokeloader pub1 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  c7c4172738b86422159a6c80931b45e7f788364be996a1f657ed3a570d429592
- Size
  
  292KB
- MD5
  
  9d8d5955c120589d126c6f0ad26f2506
- SHA1
  
  521ca7d3977a9c99da92532722f66d7b09940e64
- SHA256
  
  c7c4172738b86422159a6c80931b45e7f788364be996a1f657ed3a570d429592
- SHA512
  
  0f173547f28d89b4a4cc76b2b553f27d3575ad3349728d889e28700d66aa4b2768e1721779428a5014eeab32de63e48595ccf56ed2c25fe79ed13dc43826f701
- SSDEEP
  
  3072:0IilkRV6NlFw8Z033RyTUWetNxChncpRLoGqk5EU:9HRMfw8w3MUNoGBE
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan