smokeloader | 947cfa8d05d3370df4db4efa8dce5eea22cee9bf2ea12670951e41cca77471c8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

947cfa8d05d3370df4db4efa8dce5eea22cee9bf2ea12670951e41cca77471c8
Size

294KB
Sample

231010-xlzqmshh83
MD5

d1136e335960c63cdd32faca4a354b52
SHA1

96c9c29dfbbe9d312ed91391eb5b52ab032f91f3
SHA256

947cfa8d05d3370df4db4efa8dce5eea22cee9bf2ea12670951e41cca77471c8
SHA512

b971a9f058098b9d428a3755ff850f0dee68cdfe06bdf8f92e46a6691cb2a55b2d5a545d750b1f03f53c9a3a8b027327889d90129edf484d83db0c95e02da76b
SSDEEP

3072:oyhBX96wXDN5A660A0ROej6fMPQyni3qcSNQEXtdwjg/a4:lFDN5A660A0xjCMPQyni3qdQyt8

Score

10^/10

smokeloader pub1 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  947cfa8d05d3370df4db4efa8dce5eea22cee9bf2ea12670951e41cca77471c8
- Size
  
  294KB
- MD5
  
  d1136e335960c63cdd32faca4a354b52
- SHA1
  
  96c9c29dfbbe9d312ed91391eb5b52ab032f91f3
- SHA256
  
  947cfa8d05d3370df4db4efa8dce5eea22cee9bf2ea12670951e41cca77471c8
- SHA512
  
  b971a9f058098b9d428a3755ff850f0dee68cdfe06bdf8f92e46a6691cb2a55b2d5a545d750b1f03f53c9a3a8b027327889d90129edf484d83db0c95e02da76b
- SSDEEP
  
  3072:oyhBX96wXDN5A660A0ROej6fMPQyni3qcSNQEXtdwjg/a4:lFDN5A660A0xjCMPQyni3qdQyt8
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan