smokeloader | dbe4ea00f222a09403e163e3e7fc98f9e131d1b977c69c8fe28e56c7c259ad46 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dbe4ea00f222a09403e163e3e7fc98f9e131d1b977c69c8fe28e56c7c259ad46
Size

258KB
Sample

231107-aeny8sac53
MD5

47e69c66f2ce679115843089ccca3580
SHA1

2a06112240c373a57801b17477c9d9860fb597c0
SHA256

dbe4ea00f222a09403e163e3e7fc98f9e131d1b977c69c8fe28e56c7c259ad46
SHA512

872090aac4d7c5937804519c132c3bb859e0f1f7e9464fd953f059746926c071255f4e9b2e09207528f9fb429b066fcc2285792fc15152a62eb8b0438c532fa8
SSDEEP

3072:nsD8JvlZNQ2rtm7RdcX+4eYWDvfXdhOeB9yDbVrwdTF7IMOBlR9idtvH:IKlAAOdcXZeYcfthDIVkT7IMaljS

Score

10^/10

smokeloader up3 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  dbe4ea00f222a09403e163e3e7fc98f9e131d1b977c69c8fe28e56c7c259ad46
- Size
  
  258KB
- MD5
  
  47e69c66f2ce679115843089ccca3580
- SHA1
  
  2a06112240c373a57801b17477c9d9860fb597c0
- SHA256
  
  dbe4ea00f222a09403e163e3e7fc98f9e131d1b977c69c8fe28e56c7c259ad46
- SHA512
  
  872090aac4d7c5937804519c132c3bb859e0f1f7e9464fd953f059746926c071255f4e9b2e09207528f9fb429b066fcc2285792fc15152a62eb8b0438c532fa8
- SSDEEP
  
  3072:nsD8JvlZNQ2rtm7RdcX+4eYWDvfXdhOeB9yDbVrwdTF7IMOBlR9idtvH:IKlAAOdcXZeYcfthDIVkT7IMaljS
Score

10^/10

smokeloader up3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderup3backdoortrojan