smokeloader | a8271bde9b3cc677a4bc50a97deef7b9ce06d14b6a66ec6a8ee45e02e85db0a6 | Triage

Sharing

General

Target

a8271bde9b3cc677a4bc50a97deef7b9ce06d14b6a66ec6a8ee45e02e85db0a6
Size

284KB
Sample

231007-pty53scc6s
MD5

f8fc1a1c58436919bc933c0ff8371491
SHA1

a8a3248892ea6ac1fa505be1e45c8816ae20c9ee
SHA256

a8271bde9b3cc677a4bc50a97deef7b9ce06d14b6a66ec6a8ee45e02e85db0a6
SHA512

1731602c68991a3567d09981ed2d4fbffec1579fc4d83e09c70cd81a242c911459b57e049647572b85cc44646ddf15241e67a83d8f495c5bbf7a2087d415c017
SSDEEP

3072:56ZT9ZIaPPpwlKn/4LVkjPNOi5VXOnEUsodREZmow:0TZ3PPpwl606T4iPXOnHfd4m

Score

10^/10

smokeloader up3 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  a8271bde9b3cc677a4bc50a97deef7b9ce06d14b6a66ec6a8ee45e02e85db0a6
- Size
  
  284KB
- MD5
  
  f8fc1a1c58436919bc933c0ff8371491
- SHA1
  
  a8a3248892ea6ac1fa505be1e45c8816ae20c9ee
- SHA256
  
  a8271bde9b3cc677a4bc50a97deef7b9ce06d14b6a66ec6a8ee45e02e85db0a6
- SHA512
  
  1731602c68991a3567d09981ed2d4fbffec1579fc4d83e09c70cd81a242c911459b57e049647572b85cc44646ddf15241e67a83d8f495c5bbf7a2087d415c017
- SSDEEP
  
  3072:56ZT9ZIaPPpwlKn/4LVkjPNOi5VXOnEUsodREZmow:0TZ3PPpwl606T4iPXOnHfd4m
Score

10^/10

smokeloader up3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderup3backdoortrojan