smokeloader | 9a0541f97e1222ebd509fca35c7da412a715a386799292b9d80ab4b510f0203e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9a0541f97e1222ebd509fca35c7da412a715a386799292b9d80ab4b510f0203e
Size

256KB
Sample

231119-1mvd4acg7x
MD5

e8f66ae6141f24aab9daebaf11f97bc7
SHA1

e9b5e9bb6e17ae7dce9676fddca7596f7a21e5a1
SHA256

9a0541f97e1222ebd509fca35c7da412a715a386799292b9d80ab4b510f0203e
SHA512

9a7759559e544cd1bfda9329f41473419162ee445d2589600600e342b3b9d3e2624d6fc8f4bc4a3b8aea3aaf49f5a9c1b22cc0c6ad30eb41aae5c9486277e056
SSDEEP

3072:5PUWLC15TTNyHAs0YMRqbAuRn8PLvcXYRBNQc7ovb9P4+:5ryTTA/blnPsNQQM2

Score

10^/10

smokeloader up4 backdoor persistence trojan

Malware Config

Extracted

Family

smokeloader

Botnet

up4

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-file0.com/

http://file-file-file1.com/

rc4.i32

rc4.i32

Targets

- Target
  
  9a0541f97e1222ebd509fca35c7da412a715a386799292b9d80ab4b510f0203e
- Size
  
  256KB
- MD5
  
  e8f66ae6141f24aab9daebaf11f97bc7
- SHA1
  
  e9b5e9bb6e17ae7dce9676fddca7596f7a21e5a1
- SHA256
  
  9a0541f97e1222ebd509fca35c7da412a715a386799292b9d80ab4b510f0203e
- SHA512
  
  9a7759559e544cd1bfda9329f41473419162ee445d2589600600e342b3b9d3e2624d6fc8f4bc4a3b8aea3aaf49f5a9c1b22cc0c6ad30eb41aae5c9486277e056
- SSDEEP
  
  3072:5PUWLC15TTNyHAs0YMRqbAuRn8PLvcXYRBNQc7ovb9P4+:5ryTTA/blnPsNQQM2
Score

10^/10

smokeloader up4 backdoor persistence trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Modifies Installed Components in the registry
  persistence
- Deletes itself
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderup4backdoorpersistencetrojan