smokeloader | 47bc1dcb7b357b7d172d47228e88def3be0212a505ca1682a1d375b0d3a60d53 | Triage

Sharing

General

Target

47bc1dcb7b357b7d172d47228e88def3be0212a505ca1682a1d375b0d3a60d53
Size

250KB
Sample

231116-kk6fksha55
MD5

8f4c3f8a7fcb330a372d738fdf90c09d
SHA1

c635b2c53d9301cb5aadde366b1ef0e707071e84
SHA256

47bc1dcb7b357b7d172d47228e88def3be0212a505ca1682a1d375b0d3a60d53
SHA512

797346045166b54efd7dde2c8cbcdfcd9b440622e7c17aa476bd2ad53bcc59ad748ae59dc3bcf73a8aa479be9d55f813b5212f8c5a9b5a86a978b8e701481b67
SSDEEP

3072:ITv/LhQzt43zVk8r/W8X541oyJsx7oRW1VKsic/:GnLhQz6jVkw/FX5Ljwy

Score

10^/10

smokeloader pub1 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  47bc1dcb7b357b7d172d47228e88def3be0212a505ca1682a1d375b0d3a60d53
- Size
  
  250KB
- MD5
  
  8f4c3f8a7fcb330a372d738fdf90c09d
- SHA1
  
  c635b2c53d9301cb5aadde366b1ef0e707071e84
- SHA256
  
  47bc1dcb7b357b7d172d47228e88def3be0212a505ca1682a1d375b0d3a60d53
- SHA512
  
  797346045166b54efd7dde2c8cbcdfcd9b440622e7c17aa476bd2ad53bcc59ad748ae59dc3bcf73a8aa479be9d55f813b5212f8c5a9b5a86a978b8e701481b67
- SSDEEP
  
  3072:ITv/LhQzt43zVk8r/W8X541oyJsx7oRW1VKsic/:GnLhQz6jVkw/FX5Ljwy
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan