smokeloader | 31208830e7e4732d021a4a317533eec07c030a0e1b35f5ec64da914e493f3047 | Triage

Sharing

General

Target

13f85e6dd696a643f15806688354d75b.bin
Size

122KB
Sample

231012-vtthgsfh39
MD5

ec88ceee1c234b18b0b17af4638b37ac
SHA1

3d7a20d10a478b7e252f747901e19cfdcc5fa659
SHA256

31208830e7e4732d021a4a317533eec07c030a0e1b35f5ec64da914e493f3047
SHA512

a60c70ac3fa67505bd04a69671dbc83ee3bcc8edd7440bac7d5b639a0d87beae537cd5685a905d30d29da43f44ed46b80f92f15b17805fb13ea4a98066401e7e
SSDEEP

1536:7ARig0U212xxFVkSUM7kOWiWKRsm3I3MehN82kVkKdPrZTRHWuKLDTgvg7F1OASA:CxBWVbmZe4VPZd2RTco1kD5zicVg

Score

10^/10

smokeloader up3 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  d570c7efc7e3e6c43ac25349f43cf3664d6a7caa13cb859848f3fe99c40bb277.exe
- Size
  
  277KB
- MD5
  
  13f85e6dd696a643f15806688354d75b
- SHA1
  
  590dcb3783f28e742e2317ff88d6d443d79cb3ed
- SHA256
  
  d570c7efc7e3e6c43ac25349f43cf3664d6a7caa13cb859848f3fe99c40bb277
- SHA512
  
  583ee4fe693f4eb995c339110959c2c534d647909716d227d462b03d67e7f9aa9c2ee4f01262274c0d4f79a5960810d216dd63aebd5a508eef20ceee8b03aecc
- SSDEEP
  
  3072:yRA0kPGK1K4A3js44ZDE1OkwlxAZwyDEXSGOBCZrKZVt:60PGKAQ1ZDEClKZEKQ2V
Score

10^/10

smokeloader up3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderup3backdoortrojan

behavioral2

smokeloaderup3backdoortrojan