smokeloader | f1b5fd21d4d4bf57e836005ecaf9e70688361303a736dd7554f611196eb62097 | Triage

Sharing

General

Target

f1b5fd21d4d4bf57e836005ecaf9e70688361303a736dd7554f611196eb62097
Size

284KB
Sample

231007-pv113acc7t
MD5

00cfd198e57faa7fb18b5c0832dc0c23
SHA1

5314715954fe6d46b906ba492e763aaadb645b88
SHA256

f1b5fd21d4d4bf57e836005ecaf9e70688361303a736dd7554f611196eb62097
SHA512

dad62a23ccfb32178d6c48b88adedc95606bd1dadaa5401621015a6e576dd8f2d977f21cd60c8f6d7fa8840f5911b603bde6601ab20f54c1bc8d2ddfaf542130
SSDEEP

3072:KVekOWF9Mx03rkJOkSTMcnaGBtl5DaEv7oKngUrU7Qtgh4a:wUWHMx0oJkTaGBkI7oukCgh

Score

10^/10

smokeloader up3 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  f1b5fd21d4d4bf57e836005ecaf9e70688361303a736dd7554f611196eb62097
- Size
  
  284KB
- MD5
  
  00cfd198e57faa7fb18b5c0832dc0c23
- SHA1
  
  5314715954fe6d46b906ba492e763aaadb645b88
- SHA256
  
  f1b5fd21d4d4bf57e836005ecaf9e70688361303a736dd7554f611196eb62097
- SHA512
  
  dad62a23ccfb32178d6c48b88adedc95606bd1dadaa5401621015a6e576dd8f2d977f21cd60c8f6d7fa8840f5911b603bde6601ab20f54c1bc8d2ddfaf542130
- SSDEEP
  
  3072:KVekOWF9Mx03rkJOkSTMcnaGBtl5DaEv7oKngUrU7Qtgh4a:wUWHMx0oJkTaGBkI7oukCgh
Score

10^/10

smokeloader up3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderup3backdoortrojan