smokeloader | 04ec5cba9e637fb244c70f81b01423ee8167965131030e2f79ebe34a89c12b84 | Triage

Sharing

General

Target

b8a282944da80ceba706a7997cb4cebb.bin
Size

159KB
Sample

231113-dd8tssga7t
MD5

d6c85b72eb42503a43771fc3f812cdc4
SHA1

221ae7ed5d12bb9ff2a58aa4462c07aae3901726
SHA256

04ec5cba9e637fb244c70f81b01423ee8167965131030e2f79ebe34a89c12b84
SHA512

bfcef7ddd9570ca9e6d774b4e226da137f8a23fefabc1727a8de798fc25e428013902af1e71bcfaf60a795f4bfea825e83ded4f34965f649f62d4717dfc8e92f
SSDEEP

3072:U7rTVd9aq+7oQJDsXPjp9n7N0IdEP4XxZghpXPxjJ3DUlLmDHxpU:U73Vd9vqijH2whujPFJ3YLSHw

Score

10^/10

smokeloader pub1 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  fbc30e0aae1d6fac1226f8bfa45fba45dcf262445c81a770a69ded680e5431ee.exe
- Size
  
  253KB
- MD5
  
  b8a282944da80ceba706a7997cb4cebb
- SHA1
  
  ea1a8f3d0d12933449c8315268e6cac7ce575b71
- SHA256
  
  fbc30e0aae1d6fac1226f8bfa45fba45dcf262445c81a770a69ded680e5431ee
- SHA512
  
  e9e8d6607943b1ec1df02892118a0b9336da8b7f0d1a9bb75e093fe6376eed4f1559c0e63b701e9a1785975d791667eb48e5e4bd1341c55ae74ffe0dc66a8406
- SSDEEP
  
  3072:wFR/d9JnGLn/tFCmJXppI5nXYnDFpJi0NbTjaJfKeAljoq5X1YblV1L:qR/d9tGLnlFJJf+noR7DNPjGkf1YDh
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan

behavioral2

smokeloaderpub1backdoortrojan