smokeloader | 91a8e848177446722f862f34c2078b85e809c5887e13f7a73f38cb3bb8e8f3d3 | Triage

Sharing

General

Target

91a8e848177446722f862f34c2078b85e809c5887e13f7a73f38cb3bb8e8f3d3
Size

256KB
Sample

231106-w4yqmaed96
MD5

5a1ecadc1248be19c79d54132864012e
SHA1

88e5bb3fb79d6fee132b1038760c7acd58f03790
SHA256

91a8e848177446722f862f34c2078b85e809c5887e13f7a73f38cb3bb8e8f3d3
SHA512

03c6a482fa79b60a0293453083c5cef82abd66563956da4ed6e43261cdecf345eaae06f2b7090e195c8cb53279748e587ebd9ab2df6853fd52ec2e903ef10993
SSDEEP

3072:qrQNtkltjUeKHwHF0FQd3Wqk1QtQxHViKmVE+PmZj2LeaxoGOQi:hkltweTGFQdmqk15NVgVLPml2Kaxo

Score

10^/10

smokeloader up3 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  91a8e848177446722f862f34c2078b85e809c5887e13f7a73f38cb3bb8e8f3d3
- Size
  
  256KB
- MD5
  
  5a1ecadc1248be19c79d54132864012e
- SHA1
  
  88e5bb3fb79d6fee132b1038760c7acd58f03790
- SHA256
  
  91a8e848177446722f862f34c2078b85e809c5887e13f7a73f38cb3bb8e8f3d3
- SHA512
  
  03c6a482fa79b60a0293453083c5cef82abd66563956da4ed6e43261cdecf345eaae06f2b7090e195c8cb53279748e587ebd9ab2df6853fd52ec2e903ef10993
- SSDEEP
  
  3072:qrQNtkltjUeKHwHF0FQd3Wqk1QtQxHViKmVE+PmZj2LeaxoGOQi:hkltweTGFQdmqk15NVgVLPml2Kaxo
Score

10^/10

smokeloader up3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderup3backdoortrojan