smokeloader | 1a8aaf92ee3ae30b88a8b5bd43447c3d5b3f2642812d1e106729f8e352de6bd9 | Triage

Sharing

General

Target

1a8aaf92ee3ae30b88a8b5bd43447c3d5b3f2642812d1e106729f8e352de6bd9
Size

227KB
Sample

231116-ztlvvsfe23
MD5

78e1ca1572ad5b5111c103c59bb9bb38
SHA1

9e169cc9eb2f0ea80396858eff0bf793bd589f16
SHA256

1a8aaf92ee3ae30b88a8b5bd43447c3d5b3f2642812d1e106729f8e352de6bd9
SHA512

86ca98952d87c54bc18754f2b92c14220f3b6d1054160d76d9d8be0205291039195ab0712e48dfb663a6e240f162cd221ac7847438631af11e0c99ed5a06c9a1
SSDEEP

3072:Vwz1LtEGCHJtLKZZA62jYUDcBoLPJxlXROjSeJN1c:CLtEhp9Kw62hD8nj

Score

10^/10

smokeloader up3 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  1a8aaf92ee3ae30b88a8b5bd43447c3d5b3f2642812d1e106729f8e352de6bd9
- Size
  
  227KB
- MD5
  
  78e1ca1572ad5b5111c103c59bb9bb38
- SHA1
  
  9e169cc9eb2f0ea80396858eff0bf793bd589f16
- SHA256
  
  1a8aaf92ee3ae30b88a8b5bd43447c3d5b3f2642812d1e106729f8e352de6bd9
- SHA512
  
  86ca98952d87c54bc18754f2b92c14220f3b6d1054160d76d9d8be0205291039195ab0712e48dfb663a6e240f162cd221ac7847438631af11e0c99ed5a06c9a1
- SSDEEP
  
  3072:Vwz1LtEGCHJtLKZZA62jYUDcBoLPJxlXROjSeJN1c:CLtEhp9Kw62hD8nj
Score

10^/10

smokeloader up3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderup3backdoortrojan