smokeloader | e30f44a6be0a17d2d3976c8fc2b3b57b01944e9200e755c1c469b3a1c462f966 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e30f44a6be0a17d2d3976c8fc2b3b57b01944e9200e755c1c469b3a1c462f966
Size

257KB
Sample

231212-mvb1tsdbb7
MD5

4532ed7ec03349cf3d2239494c391bcf
SHA1

609dffea9b86dabe7f5d4a215d2591d32841718d
SHA256

e30f44a6be0a17d2d3976c8fc2b3b57b01944e9200e755c1c469b3a1c462f966
SHA512

829883b45eb16a17749ca30a8413a2430c117b0efcf84cb5bf8ae6c5de2a0833b37e50fc4d57308ab67ecd5fcfea0ba166ddb9178123bc73304136eea2a1d125
SSDEEP

3072:GffFgLc69ZEmDRBXiq5LDV7sn0u+12hHDO7vnZON71c5RRYSdLv9sHTu:wFgLX9emD/XB5dd12hAEGvRVMT

Score

10^/10

smokeloader pu10 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pu10

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  e30f44a6be0a17d2d3976c8fc2b3b57b01944e9200e755c1c469b3a1c462f966
- Size
  
  257KB
- MD5
  
  4532ed7ec03349cf3d2239494c391bcf
- SHA1
  
  609dffea9b86dabe7f5d4a215d2591d32841718d
- SHA256
  
  e30f44a6be0a17d2d3976c8fc2b3b57b01944e9200e755c1c469b3a1c462f966
- SHA512
  
  829883b45eb16a17749ca30a8413a2430c117b0efcf84cb5bf8ae6c5de2a0833b37e50fc4d57308ab67ecd5fcfea0ba166ddb9178123bc73304136eea2a1d125
- SSDEEP
  
  3072:GffFgLc69ZEmDRBXiq5LDV7sn0u+12hHDO7vnZON71c5RRYSdLv9sHTu:wFgLX9emD/XB5dd12hAEGvRVMT
Score

10^/10

smokeloader pu10 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpu10backdoortrojan