smokeloader | 56fe3f19cc2e20cde7faa795a13f216a29132eca1f29f1c0fa5718e275f8e579 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

56fe3f19cc2e20cde7faa795a13f216a29132eca1f29f1c0fa5718e275f8e579
Size

232KB
Sample

231121-ah5q6aah93
MD5

3eb6b15f257c7a62e89ec6463a3ea4c3
SHA1

ee9cfb0b8a9a0ad6a8d996875bf2bb5bab85d8b3
SHA256

56fe3f19cc2e20cde7faa795a13f216a29132eca1f29f1c0fa5718e275f8e579
SHA512

aa37ef7f8f647f1f36faa3f195427dd78b1d2cbf88acd276153072ec93209febdb4a4aa1b47b164c1fbcc99e72686cdf8bee89e6ea4077ce34306afd381b96b3
SSDEEP

3072:rsrhBPJq3wzy4cykgquz/Som6bADUmT6590FVkzs+wHZ553rp:Irhbqgzyr4pz/26bYUm+D4LB3

Score

10^/10

smokeloader up3 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  56fe3f19cc2e20cde7faa795a13f216a29132eca1f29f1c0fa5718e275f8e579
- Size
  
  232KB
- MD5
  
  3eb6b15f257c7a62e89ec6463a3ea4c3
- SHA1
  
  ee9cfb0b8a9a0ad6a8d996875bf2bb5bab85d8b3
- SHA256
  
  56fe3f19cc2e20cde7faa795a13f216a29132eca1f29f1c0fa5718e275f8e579
- SHA512
  
  aa37ef7f8f647f1f36faa3f195427dd78b1d2cbf88acd276153072ec93209febdb4a4aa1b47b164c1fbcc99e72686cdf8bee89e6ea4077ce34306afd381b96b3
- SSDEEP
  
  3072:rsrhBPJq3wzy4cykgquz/Som6bADUmT6590FVkzs+wHZ553rp:Irhbqgzyr4pz/26bYUm+D4LB3
Score

10^/10

smokeloader up3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderup3backdoortrojan