smokeloader | 3a06b876eaee93122ef5996379995a331fbeea28b0e381f27673e7d265e09f0d | Triage

Sharing

General

Target

3a06b876eaee93122ef5996379995a331fbeea28b0e381f27673e7d265e09f0d
Size

178KB
Sample

231029-v4cygsgf6s
MD5

b3c0e085181ea65930563b625aee1669
SHA1

01d04e8c83780329980801af9c2d41a0a8c4e03f
SHA256

3a06b876eaee93122ef5996379995a331fbeea28b0e381f27673e7d265e09f0d
SHA512

229de2573e251459bf21cda97ebc113a10a0d828027e8af7e28603dd7df547b40292a1ec1012872b81c8cd3cf9514846ac8d771039c72f1c4274edb5b4ce0383
SSDEEP

3072:8pXXqZcm+GW2taY5Ppd+oqByyBgFYgrsUU/OoxATp:4XqP+GVUIbZqHBgOgrz6

Score

10^/10

smokeloader up3 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  3a06b876eaee93122ef5996379995a331fbeea28b0e381f27673e7d265e09f0d
- Size
  
  178KB
- MD5
  
  b3c0e085181ea65930563b625aee1669
- SHA1
  
  01d04e8c83780329980801af9c2d41a0a8c4e03f
- SHA256
  
  3a06b876eaee93122ef5996379995a331fbeea28b0e381f27673e7d265e09f0d
- SHA512
  
  229de2573e251459bf21cda97ebc113a10a0d828027e8af7e28603dd7df547b40292a1ec1012872b81c8cd3cf9514846ac8d771039c72f1c4274edb5b4ce0383
- SSDEEP
  
  3072:8pXXqZcm+GW2taY5Ppd+oqByyBgFYgrsUU/OoxATp:4XqP+GVUIbZqHBgOgrz6
Score

10^/10

smokeloader up3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderup3backdoortrojan