smokeloader

General

Target

6ec371eb3f7f86595a8793b16179b0b1
Size

312KB
Sample

231226-pqlqksbgbm
MD5

6ec371eb3f7f86595a8793b16179b0b1
SHA1

89385cb53103198932e98d7ecadc25ffaa7ed675
SHA256

4254915796d8d129d36f443ed779f94cdb001bae40707806a11679e322864d85
SHA512

dcfc5d24f840dcaf30686080000c3dbb177ce5630dab94171446d17523ce49eb3c2ae9fa7eab413420ac5a8f75b733238698e34548278bae52c49c8f9c918a1c
SSDEEP

6144:R3Xh7ZBiUdDd/GslM9c8DXC30hNUeBP1PfgBPX05rWcWy9SbKLtEzE3e:RBdBTdD5JlM9cgC3gUenYv0dZ39P+zEu

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

0208

Extracted

Family

smokeloader

Version

2020

C2

http://readinglistforjuly1.xyz/

http://readinglistforjuly2.xyz/

http://readinglistforjuly3.xyz/

http://readinglistforjuly4.xyz/

http://readinglistforjuly5.xyz/

http://readinglistforjuly6.xyz/

http://readinglistforjuly7.xyz/

http://readinglistforjuly8.xyz/

http://readinglistforjuly9.xyz/

http://readinglistforjuly10.xyz/

http://readinglistforjuly1.site/

http://readinglistforjuly2.site/

http://readinglistforjuly3.site/

http://readinglistforjuly4.site/

http://readinglistforjuly5.site/

http://readinglistforjuly6.site/

http://readinglistforjuly7.site/

http://readinglistforjuly8.site/

http://readinglistforjuly9.site/

http://readinglistforjuly10.site/

rc4.i32

Targets

- Target
  
  6ec371eb3f7f86595a8793b16179b0b1
- Size
  
  312KB
- MD5
  
  6ec371eb3f7f86595a8793b16179b0b1
- SHA1
  
  89385cb53103198932e98d7ecadc25ffaa7ed675
- SHA256
  
  4254915796d8d129d36f443ed779f94cdb001bae40707806a11679e322864d85
- SHA512
  
  dcfc5d24f840dcaf30686080000c3dbb177ce5630dab94171446d17523ce49eb3c2ae9fa7eab413420ac5a8f75b733238698e34548278bae52c49c8f9c918a1c
- SSDEEP
  
  6144:R3Xh7ZBiUdDd/GslM9c8DXC30hNUeBP1PfgBPX05rWcWy9SbKLtEzE3e:RBdBTdD5JlM9cgC3gUenYv0dZ39P+zEu
Score

10^/10

smokeloader 0208 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2