smokeloader | 431333490dfa700b9932f52cededba2cabd18d951cbbee02a5910081c3466207 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

dridex

windows10-1703-x64

Sharing

General

Target

431333490dfa700b9932f52cededba2cabd18d951cbbee02a5910081c3466207
Size

207KB
Sample

231114-cedvdafh9w
MD5

d8068ec5d28bfd029c0e6dd719620118
SHA1

9cbae61a1750f2181edb6a2c8ebd4615a0ecd588
SHA256

431333490dfa700b9932f52cededba2cabd18d951cbbee02a5910081c3466207
SHA512

53956bed5e578dd58a5a789556223b66e5567911354235504bab6c0d5cf87d1e93de6f24a86ae3cafe51b31c7035db12baf54851d88fb29ee3729a32a6ef71f8
SSDEEP

3072:sC4Z8i/3whM4M3wN17jakiuS86JSh/0YxA7mbfY6B:e/Au4MgN1H8uJ6JSh9vx

Score

10^/10

smokeloader up3 backdoor trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

431333490dfa700b9932f52cededba2cabd18d951cbbee02a5910081c3466207.exe

Resource

win10-20231020-en

smokeloader up3 backdoor trojan

windows10-1703-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  431333490dfa700b9932f52cededba2cabd18d951cbbee02a5910081c3466207
- Size
  
  207KB
- MD5
  
  d8068ec5d28bfd029c0e6dd719620118
- SHA1
  
  9cbae61a1750f2181edb6a2c8ebd4615a0ecd588
- SHA256
  
  431333490dfa700b9932f52cededba2cabd18d951cbbee02a5910081c3466207
- SHA512
  
  53956bed5e578dd58a5a789556223b66e5567911354235504bab6c0d5cf87d1e93de6f24a86ae3cafe51b31c7035db12baf54851d88fb29ee3729a32a6ef71f8
- SSDEEP
  
  3072:sC4Z8i/3whM4M3wN17jakiuS86JSh/0YxA7mbfY6B:e/Au4MgN1H8uJ6JSh9vx
Score

10^/10

smokeloader up3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderup3backdoortrojan

© 2018-2025

Terms | Privacy