smokeloader | f24d91ea2d2167918e32dcf65495af793981b103eb6c908ed51dffb42c76b3ce | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.f24d91ea2d2167918e32dcf65495af793981b103eb6c908ed51dffb42c76b3ceexe_JC.exe
Size

287KB
Sample

231009-tg4bgsec21
MD5

38fdc1b9e75e4bc4ac47e8a595443108
SHA1

0e755af10850f03cacec8f46f2c46c5783280b21
SHA256

f24d91ea2d2167918e32dcf65495af793981b103eb6c908ed51dffb42c76b3ce
SHA512

a562f2f5145b30c08f1ffe6c730af49c9c77fbee2c8c8cd0454fc4659376ed4e7e02532b523aeb9401f58c616d88783edab43f6be7a4230feffca140afb62827
SSDEEP

3072:naG5S/op1WWKgoUsjwx1/JFXhT/JNvVUYVHx+A7oCIi4Z:aGc6WZVU+wx1/JthT/jvVUYC06i

Score

10^/10

smokeloader up3 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  NEAS.f24d91ea2d2167918e32dcf65495af793981b103eb6c908ed51dffb42c76b3ceexe_JC.exe
- Size
  
  287KB
- MD5
  
  38fdc1b9e75e4bc4ac47e8a595443108
- SHA1
  
  0e755af10850f03cacec8f46f2c46c5783280b21
- SHA256
  
  f24d91ea2d2167918e32dcf65495af793981b103eb6c908ed51dffb42c76b3ce
- SHA512
  
  a562f2f5145b30c08f1ffe6c730af49c9c77fbee2c8c8cd0454fc4659376ed4e7e02532b523aeb9401f58c616d88783edab43f6be7a4230feffca140afb62827
- SSDEEP
  
  3072:naG5S/op1WWKgoUsjwx1/JFXhT/JNvVUYVHx+A7oCIi4Z:aGc6WZVU+wx1/JthT/jvVUYC06i
Score

10^/10

smokeloader up3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderup3backdoortrojan

behavioral2

smokeloaderup3backdoortrojan