smokeloader

General

Target

1f6a038b6f7993ddb94f24ee30311f9a
Size

299KB
Sample

231219-phsh6aaccp
MD5

1f6a038b6f7993ddb94f24ee30311f9a
SHA1

bcd2a26190a8faef7a9b23f462cdb2db4e47e89e
SHA256

24a7636a676dc09dffe8365b94931c908891dbe55fa81f92279777ecf496db00
SHA512

3ec3e77d7d5198ecfcaed9e982745603f0fc05e6dac4877659d9529f0907b95fb5904b439addfcca5fe8ebe61a753cf7c305583c6dfa7d39f192fe7b55dd47b5
SSDEEP

6144:E/9cSPf0NLeK5PzX+tdE8vgg2Mn0qJL6tOOhxxdeTr/ekId:Ex8TzX+c4gg7xL6Jzxd6Lq

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://fiskahlilian16.top/

http://paishancho17.top/

http://ydiannetter18.top/

http://azarehanelle19.top/

http://quericeriant20.top/

rc4.i32

1
0x33f8f0d2

rc4.i32

1
0xaa0488bb

Targets

- Target
  
  1f6a038b6f7993ddb94f24ee30311f9a
- Size
  
  299KB
- MD5
  
  1f6a038b6f7993ddb94f24ee30311f9a
- SHA1
  
  bcd2a26190a8faef7a9b23f462cdb2db4e47e89e
- SHA256
  
  24a7636a676dc09dffe8365b94931c908891dbe55fa81f92279777ecf496db00
- SHA512
  
  3ec3e77d7d5198ecfcaed9e982745603f0fc05e6dac4877659d9529f0907b95fb5904b439addfcca5fe8ebe61a753cf7c305583c6dfa7d39f192fe7b55dd47b5
- SSDEEP
  
  6144:E/9cSPf0NLeK5PzX+tdE8vgg2Mn0qJL6tOOhxxdeTr/ekId:Ex8TzX+c4gg7xL6Jzxd6Lq
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

We care about your privacy.