smokeloader | 4155c038e9e3a850eb82d6cdb444229a1142f683ea9139f5eedd4b6d991788b9 | Triage

Sharing

General

Target

4155c038e9e3a850eb82d6cdb444229a1142f683ea9139f5eedd4b6d991788b9
Size

216KB
Sample

231113-fhkzmshe7z
MD5

e0eccfd84eaf2fbf613069e17d085ba7
SHA1

a68050f4716f17cb95423fe0f67aae22b1ab2a42
SHA256

4155c038e9e3a850eb82d6cdb444229a1142f683ea9139f5eedd4b6d991788b9
SHA512

3a834c1aa29660030a9ddb6f170a9c01cb8ec9371d5ef0e10bca3febf014ac442943b46844c1b58239c50a792c970288de347766cc04374bfa8bb955870c7c03
SSDEEP

3072:CWVg843ejWZeqSodCu/vGWQLq/dJ4jOMbhZflMOfPbKzbvburZS:lO6yrEu/+H2/dJ4jOMFvMOHbYe

Score

10^/10

smokeloader pub1 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  4155c038e9e3a850eb82d6cdb444229a1142f683ea9139f5eedd4b6d991788b9
- Size
  
  216KB
- MD5
  
  e0eccfd84eaf2fbf613069e17d085ba7
- SHA1
  
  a68050f4716f17cb95423fe0f67aae22b1ab2a42
- SHA256
  
  4155c038e9e3a850eb82d6cdb444229a1142f683ea9139f5eedd4b6d991788b9
- SHA512
  
  3a834c1aa29660030a9ddb6f170a9c01cb8ec9371d5ef0e10bca3febf014ac442943b46844c1b58239c50a792c970288de347766cc04374bfa8bb955870c7c03
- SSDEEP
  
  3072:CWVg843ejWZeqSodCu/vGWQLq/dJ4jOMbhZflMOfPbKzbvburZS:lO6yrEu/+H2/dJ4jOMFvMOHbYe
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan

behavioral2

smokeloaderpub1backdoortrojan