smokeloader | 897a17219c089cfd40d9bd5608d3a6a8d3e743913887477afa0672dc8425442b | Triage

Sharing

General

Target

897a17219c089cfd40d9bd5608d3a6a8d3e743913887477afa0672dc8425442b_JC.exe
Size

203KB
Sample

231011-2gyd8sgg7t
MD5

24a7d43b55f483cd305b75e9e216ed4f
SHA1

f68d2a0259f15b92da5d7325eee1ab2a7d323c4c
SHA256

897a17219c089cfd40d9bd5608d3a6a8d3e743913887477afa0672dc8425442b
SHA512

0cd08bcfa0e4d1746a126ffb8b0c3ff1e77cec183782b4ac42a0445337e74eeba15a486e8e6d62e5b6cd59b0ec0da98b95515b8ca3980610c74b28b028dc2e64
SSDEEP

3072:FXJBQkp454Cho1cEvTjZqXyTquN/Q6L51ZGpVzaC:BLQG4GChEcEvLqdsZKp

Score

10^/10

smokeloader up4 backdoor persistence trojan

Malware Config

Extracted

Family

smokeloader

Botnet

up4

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-file0.com/

http://file-file-file1.com/

rc4.i32

rc4.i32

Targets

- Target
  
  897a17219c089cfd40d9bd5608d3a6a8d3e743913887477afa0672dc8425442b_JC.exe
- Size
  
  203KB
- MD5
  
  24a7d43b55f483cd305b75e9e216ed4f
- SHA1
  
  f68d2a0259f15b92da5d7325eee1ab2a7d323c4c
- SHA256
  
  897a17219c089cfd40d9bd5608d3a6a8d3e743913887477afa0672dc8425442b
- SHA512
  
  0cd08bcfa0e4d1746a126ffb8b0c3ff1e77cec183782b4ac42a0445337e74eeba15a486e8e6d62e5b6cd59b0ec0da98b95515b8ca3980610c74b28b028dc2e64
- SSDEEP
  
  3072:FXJBQkp454Cho1cEvTjZqXyTquN/Q6L51ZGpVzaC:BLQG4GChEcEvLqdsZKp
Score

10^/10

smokeloader up4 backdoor persistence trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Modifies Installed Components in the registry
  persistence
- Deletes itself
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderup4backdoorpersistencetrojan

behavioral2

smokeloaderup4backdoorpersistencetrojan