smokeloader | 1a6c3e57351b99900e332eb2784131323d71d9f4163cdcb09edaf1d348a249f6 | Triage

Sharing

General

Target

a40f5d4fa7c449ca99ffe9191ef03988bin_JC.zip
Size

141KB
Sample

231012-1pe27aea38
MD5

1b7c119279692c14c6cdddfedd5bbf67
SHA1

070faa96665ce5d4a1d0ca6c750c2248dee953d9
SHA256

1a6c3e57351b99900e332eb2784131323d71d9f4163cdcb09edaf1d348a249f6
SHA512

2c8576e7a59ae8899aee60ee5266173c62ab76b8f34653aa98572b9736cefcb7384e7479e15b4947033daa5099c27ec6e4eff828aa14b8f367f3c2089417905c
SSDEEP

3072:fS4R4ojaS5/pwSfKzBR6kgMtgU80l6bMvqG/i5US+mSIhZKDW:fqo75/qSyBR5vy0iMCoSATIhd

Score

10^/10

smokeloader up3 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  7a3ed98aad8f0e6cc774200cdc7b35b86bffdb5f5ce23e8750acb0945d3c78fd.exe
- Size
  
  267KB
- MD5
  
  a40f5d4fa7c449ca99ffe9191ef03988
- SHA1
  
  1ecb44d3f7b583463785ba03e57c85d6f452f98e
- SHA256
  
  7a3ed98aad8f0e6cc774200cdc7b35b86bffdb5f5ce23e8750acb0945d3c78fd
- SHA512
  
  c60aa310ee7f5ca87f4b17375da8c18314b26307a131cf0ea0548caabc760b2d30d83c26742f10a1588a92a840365f54cfd5833deb529275de4403cf8be50822
- SSDEEP
  
  6144:QqN+ovUltzqjf2ld/OdtHnhGrJCfH+XQ:QD4UHzU8IHhuoi
Score

10^/10

smokeloader up3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderup3backdoortrojan

behavioral2

smokeloaderup3backdoortrojan