smokeloader | 3cac29b31ae8e590843825e3603d4f83e3853662fdb2f0514e97219458aed134 | Triage

Sharing

General

Target

3cac29b31ae8e590843825e3603d4f83e3853662fdb2f0514e97219458aed134
Size

271KB
Sample

231122-ff1bjsba7x
MD5

31cf506f2d38f705f29959d54eb141fe
SHA1

60e1b40d0c9d3f90d4a244b6dca19d4c232112fe
SHA256

3cac29b31ae8e590843825e3603d4f83e3853662fdb2f0514e97219458aed134
SHA512

399b868a6627c3cfc47dccc597bf2b133bd690a6d30583c4fe6aec1cbf9535933d3da69b6dcda3cd7e6364779f0779b64e4868c1c24da409331949ebf56cbb9d
SSDEEP

3072:X5UE7shZP8MuQDNC3NAr3/1pvili9A9DaBSXYswhunlmmgyP/J9ZDP6cPB:pTsR8rQxcOdJilz9HYVhunFTJi

Score

10^/10

smokeloader pub1 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  3cac29b31ae8e590843825e3603d4f83e3853662fdb2f0514e97219458aed134
- Size
  
  271KB
- MD5
  
  31cf506f2d38f705f29959d54eb141fe
- SHA1
  
  60e1b40d0c9d3f90d4a244b6dca19d4c232112fe
- SHA256
  
  3cac29b31ae8e590843825e3603d4f83e3853662fdb2f0514e97219458aed134
- SHA512
  
  399b868a6627c3cfc47dccc597bf2b133bd690a6d30583c4fe6aec1cbf9535933d3da69b6dcda3cd7e6364779f0779b64e4868c1c24da409331949ebf56cbb9d
- SSDEEP
  
  3072:X5UE7shZP8MuQDNC3NAr3/1pvili9A9DaBSXYswhunlmmgyP/J9ZDP6cPB:pTsR8rQxcOdJilz9HYVhunFTJi
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan

behavioral2

smokeloaderpub1backdoortrojan