smokeloader | 2d52cb66d5ca99e82fd4e178c5c3009bbe5a02d3774d3ab019c16cd85cec59d5 | Triage

Sharing

General

Target

2d52cb66d5ca99e82fd4e178c5c3009bbe5a02d3774d3ab019c16cd85cec59d5
Size

256KB
Sample

231107-hladesed33
MD5

45dee96a6c2ee7c1fb18ba48de342e96
SHA1

f111252e7eafe34d8be8e23046f5d2134088a5b6
SHA256

2d52cb66d5ca99e82fd4e178c5c3009bbe5a02d3774d3ab019c16cd85cec59d5
SHA512

1e663baa38d7c73111f30f18d4ab5e2e1d9f10229b1fec3eca9627f74b59aae06a71e2360c24effc2269850603fdb38276e2fe4ded1585245e32af1cbb2068cc
SSDEEP

3072:JsfDJbaD91IiXV8t+pebYH3QOq4TlZhG9TaO9dmN/OK39dtFT:A0D9TF8t+pebYpFZuTaO9dkX3N

Score

10^/10

smokeloader pub1 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  2d52cb66d5ca99e82fd4e178c5c3009bbe5a02d3774d3ab019c16cd85cec59d5
- Size
  
  256KB
- MD5
  
  45dee96a6c2ee7c1fb18ba48de342e96
- SHA1
  
  f111252e7eafe34d8be8e23046f5d2134088a5b6
- SHA256
  
  2d52cb66d5ca99e82fd4e178c5c3009bbe5a02d3774d3ab019c16cd85cec59d5
- SHA512
  
  1e663baa38d7c73111f30f18d4ab5e2e1d9f10229b1fec3eca9627f74b59aae06a71e2360c24effc2269850603fdb38276e2fe4ded1585245e32af1cbb2068cc
- SSDEEP
  
  3072:JsfDJbaD91IiXV8t+pebYH3QOq4TlZhG9TaO9dmN/OK39dtFT:A0D9TF8t+pebYpFZuTaO9dkX3N
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan