smokeloader | 1e437f4df128610643187a32fb0c788df5d293fa34e56878998caeae15774d2f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1e437f4df128610643187a32fb0c788df5d293fa34e56878998caeae15774d2f
Size

200KB
Sample

231115-ga5vhsch53
MD5

3b3eefea5649497ff830148ac872f4d7
SHA1

ddd8dfe214e04f2b5944abc9ec2edc10ca5931b6
SHA256

1e437f4df128610643187a32fb0c788df5d293fa34e56878998caeae15774d2f
SHA512

bd18a30b27d504fe7b268d892c84e1f9a96202577e756f16df68380be40867e7ced55141009f991c1482faac4994244f8dcb48a3c906409d6b47b3d0f193340b
SSDEEP

3072:7q8rkGJ4oA5JnGXOHOkXY/v+yrqKOHeKm/P+gNENNyFIsX+bq:CGPA5tGXVeYOyrq7HeKHCFf

Score

10^/10

smokeloader pub1 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  1e437f4df128610643187a32fb0c788df5d293fa34e56878998caeae15774d2f
- Size
  
  200KB
- MD5
  
  3b3eefea5649497ff830148ac872f4d7
- SHA1
  
  ddd8dfe214e04f2b5944abc9ec2edc10ca5931b6
- SHA256
  
  1e437f4df128610643187a32fb0c788df5d293fa34e56878998caeae15774d2f
- SHA512
  
  bd18a30b27d504fe7b268d892c84e1f9a96202577e756f16df68380be40867e7ced55141009f991c1482faac4994244f8dcb48a3c906409d6b47b3d0f193340b
- SSDEEP
  
  3072:7q8rkGJ4oA5JnGXOHOkXY/v+yrqKOHeKm/P+gNENNyFIsX+bq:CGPA5tGXVeYOyrq7HeKHCFf
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan