smokeloader | ec9d71ba85b9d1be8286625c5541cce355497d2d72b604cfdada19e2b13d263b | Triage

Sharing

General

Target

ec9d71ba85b9d1be8286625c5541cce355497d2d72b604cfdada19e2b13d263b
Size

188KB
Sample

231012-d8e5zada2x
MD5

04d47046a0cbef863edd172152853d6a
SHA1

f11578154d24fc85ab1cdfcf89c559c535b15990
SHA256

ec9d71ba85b9d1be8286625c5541cce355497d2d72b604cfdada19e2b13d263b
SHA512

be7a6fa095b1b00b0c4b62bb98b2de7b2ee303782e82b1c64d5318228e8804682cbba87a13da6c1b13cdad136925c29a21a3af43a87798a76efbbcce45cd0782
SSDEEP

3072:7vQ0IM7wv1T8ZKkl1jl33HL+7OCeh54RyyBFO5lxOUq:TQ0IM7CAhl1jJ3r+7254RQxpq

Score

10^/10

smokeloader up3 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  ec9d71ba85b9d1be8286625c5541cce355497d2d72b604cfdada19e2b13d263b
- Size
  
  188KB
- MD5
  
  04d47046a0cbef863edd172152853d6a
- SHA1
  
  f11578154d24fc85ab1cdfcf89c559c535b15990
- SHA256
  
  ec9d71ba85b9d1be8286625c5541cce355497d2d72b604cfdada19e2b13d263b
- SHA512
  
  be7a6fa095b1b00b0c4b62bb98b2de7b2ee303782e82b1c64d5318228e8804682cbba87a13da6c1b13cdad136925c29a21a3af43a87798a76efbbcce45cd0782
- SSDEEP
  
  3072:7vQ0IM7wv1T8ZKkl1jl33HL+7OCeh54RyyBFO5lxOUq:TQ0IM7CAhl1jJ3r+7254RQxpq
Score

10^/10

smokeloader up3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderup3backdoortrojan

behavioral2

smokeloaderup3backdoortrojan