smokeloader | 474599f0b5325df1430e2049698b5af58bedb987332a6127cf6da6c20ff2863f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

474599f0b5325df1430e2049698b5af58bedb987332a6127cf6da6c20ff2863f
Size

278KB
Sample

231123-jr19rshd21
MD5

c08e87aaf0ffcf6bf3ec718611acaef9
SHA1

bd2f43f76b2064d9aee2792b2248e96749252236
SHA256

474599f0b5325df1430e2049698b5af58bedb987332a6127cf6da6c20ff2863f
SHA512

7ad845323884776520ea698bede276890a2fff4ed8198915cfacfc03b341db0fe454c89ab5578526f92f9e938f0a2aa52bf15c2eac35e2dc4b13b3909d46a5c8
SSDEEP

3072:sX0h0Tp8BzmmJcLrddX4DWe9XXD9Wxf0tAO7bFox6V8UR/Uy4Ix9Ivt1Zq7:whG6my0NBtA4RrVTxTe0

Score

10^/10

smokeloader pub1 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  474599f0b5325df1430e2049698b5af58bedb987332a6127cf6da6c20ff2863f
- Size
  
  278KB
- MD5
  
  c08e87aaf0ffcf6bf3ec718611acaef9
- SHA1
  
  bd2f43f76b2064d9aee2792b2248e96749252236
- SHA256
  
  474599f0b5325df1430e2049698b5af58bedb987332a6127cf6da6c20ff2863f
- SHA512
  
  7ad845323884776520ea698bede276890a2fff4ed8198915cfacfc03b341db0fe454c89ab5578526f92f9e938f0a2aa52bf15c2eac35e2dc4b13b3909d46a5c8
- SSDEEP
  
  3072:sX0h0Tp8BzmmJcLrddX4DWe9XXD9Wxf0tAO7bFox6V8UR/Uy4Ix9Ivt1Zq7:whG6my0NBtA4RrVTxTe0
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan