smokeloader | 5d8340b6290134837984a8bcea62f914d1e8fd9dcaf3f29021477f5a1283251f | Triage

Sharing

General

Target

5d8340b6290134837984a8bcea62f914d1e8fd9dcaf3f29021477f5a1283251f
Size

244KB
Sample

231116-qt7mwsdd9s
MD5

4137b230bb95d9e8cab423efba2d9fb8
SHA1

998c7fbe1ed9f6e9951241ba6d9b7b42b2a24485
SHA256

5d8340b6290134837984a8bcea62f914d1e8fd9dcaf3f29021477f5a1283251f
SHA512

a1751a39818d2d3c2676fde8c58231d1a482f563754546fca5edb4d7a8b095d423ea97595ef11eed8cdf90324b349524c02a84dd6d9a1d6d6685c8987e95bb49
SSDEEP

3072:jM8XmLvF4vCCgH7vfwI20nWi3gcGkcb7M2aIG4RmxKIBP4Ksikn:wvLvFIgbvfAGDwqcb7MSuQIBZ6

Score

10^/10

smokeloader up3 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  5d8340b6290134837984a8bcea62f914d1e8fd9dcaf3f29021477f5a1283251f
- Size
  
  244KB
- MD5
  
  4137b230bb95d9e8cab423efba2d9fb8
- SHA1
  
  998c7fbe1ed9f6e9951241ba6d9b7b42b2a24485
- SHA256
  
  5d8340b6290134837984a8bcea62f914d1e8fd9dcaf3f29021477f5a1283251f
- SHA512
  
  a1751a39818d2d3c2676fde8c58231d1a482f563754546fca5edb4d7a8b095d423ea97595ef11eed8cdf90324b349524c02a84dd6d9a1d6d6685c8987e95bb49
- SSDEEP
  
  3072:jM8XmLvF4vCCgH7vfwI20nWi3gcGkcb7M2aIG4RmxKIBP4Ksikn:wvLvFIgbvfAGDwqcb7MSuQIBZ6
Score

10^/10

smokeloader up3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderup3backdoortrojan