smokeloader | 2238b967e9fa4461037c5812167ea599a1576bb00087cec2c4d167926b5f8860 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2238b967e9fa4461037c5812167ea599a1576bb00087cec2c4d167926b5f8860
Size

239KB
Sample

231012-mwxzpaga93
MD5

5a46474690f42777113344ac20b275e5
SHA1

657af2fd87c4483d78f9fc8bbe12f98c80f81e03
SHA256

2238b967e9fa4461037c5812167ea599a1576bb00087cec2c4d167926b5f8860
SHA512

a8cbce6ccaa6eb826ebdca00c3f7118223bf758d6afa0c4528e7f5928a182552ddf116122bb9a3ab64d62b40d75913886d5eb90674c930852cecadab99689646
SSDEEP

3072:+5IEmFDSp5UyGCEq2seCEmioaaYbH1JPaaBkZ/kxBP5Wt4hT1Mp:RbMpvGPq2NCEsaaYLfa8xBkChT

Score

10^/10

smokeloader pub1 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  2238b967e9fa4461037c5812167ea599a1576bb00087cec2c4d167926b5f8860
- Size
  
  239KB
- MD5
  
  5a46474690f42777113344ac20b275e5
- SHA1
  
  657af2fd87c4483d78f9fc8bbe12f98c80f81e03
- SHA256
  
  2238b967e9fa4461037c5812167ea599a1576bb00087cec2c4d167926b5f8860
- SHA512
  
  a8cbce6ccaa6eb826ebdca00c3f7118223bf758d6afa0c4528e7f5928a182552ddf116122bb9a3ab64d62b40d75913886d5eb90674c930852cecadab99689646
- SSDEEP
  
  3072:+5IEmFDSp5UyGCEq2seCEmioaaYbH1JPaaBkZ/kxBP5Wt4hT1Mp:RbMpvGPq2NCEsaaYLfa8xBkChT
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan

behavioral2

smokeloaderpub1backdoortrojan