smokeloader | 73d979ea2a3882f6d459a4160b7f511dff48d8b3c0ecebe857d629b6bb70391b | Triage

Sharing

General

Target

73d979ea2a3882f6d459a4160b7f511dff48d8b3c0ecebe857d629b6bb70391b
Size

294KB
Sample

231010-ltgdgsef42
MD5

fcee9e1b0025545cb9dac6c55df91af5
SHA1

f701b4312336ab49a6a382db865c840012bf7af9
SHA256

73d979ea2a3882f6d459a4160b7f511dff48d8b3c0ecebe857d629b6bb70391b
SHA512

dd3143894fb5e18fd9088446d4f6cfa1f989631f747e2e10df4d785d2555cbfa61af3d0c8295a08872ce8f24a97e7268e116a15cc8ba301c3da47125bb55ddfd
SSDEEP

6144:5BoUhw660s+tx64h4BbA+3sdSz7V2Ywa:wUhw660s6xiAbwz0Y

Score

10^/10

smokeloader pub1 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  73d979ea2a3882f6d459a4160b7f511dff48d8b3c0ecebe857d629b6bb70391b
- Size
  
  294KB
- MD5
  
  fcee9e1b0025545cb9dac6c55df91af5
- SHA1
  
  f701b4312336ab49a6a382db865c840012bf7af9
- SHA256
  
  73d979ea2a3882f6d459a4160b7f511dff48d8b3c0ecebe857d629b6bb70391b
- SHA512
  
  dd3143894fb5e18fd9088446d4f6cfa1f989631f747e2e10df4d785d2555cbfa61af3d0c8295a08872ce8f24a97e7268e116a15cc8ba301c3da47125bb55ddfd
- SSDEEP
  
  6144:5BoUhw660s+tx64h4BbA+3sdSz7V2Ywa:wUhw660s6xiAbwz0Y
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan