smokeloader | 9c98f0f798b53d28919e7c8f7331619c509e24045d1f4dd192f86f2a6115d483 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9c98f0f798b53d28919e7c8f7331619c509e24045d1f4dd192f86f2a6115d483.exe
Size

203KB
Sample

240103-sxnejaabf8
MD5

7b2592bee2a2b4cfb28502892c619612
SHA1

c4477fef847e926783d54efb7c577fdb8d2407f9
SHA256

9c98f0f798b53d28919e7c8f7331619c509e24045d1f4dd192f86f2a6115d483
SHA512

c9527802e2d80f8f226471fc1d0791dea2efc29e51eba03c2525defc6d6be41e8b8f2bcf1ecf30c543a9476d520ef53ab898b912a1a69086b83cc0bb5d28c1fe
SSDEEP

3072:dDoO2LbVS5fgevom6PJiMrt+NqaDD3LP2uHv49GriBditdi16kwxZRUiaD:S3LbfGMTI3LPJPqG2Bkeia

Score

10^/10

smokeloader pub1 backdoor evasion trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  9c98f0f798b53d28919e7c8f7331619c509e24045d1f4dd192f86f2a6115d483.exe
- Size
  
  203KB
- MD5
  
  7b2592bee2a2b4cfb28502892c619612
- SHA1
  
  c4477fef847e926783d54efb7c577fdb8d2407f9
- SHA256
  
  9c98f0f798b53d28919e7c8f7331619c509e24045d1f4dd192f86f2a6115d483
- SHA512
  
  c9527802e2d80f8f226471fc1d0791dea2efc29e51eba03c2525defc6d6be41e8b8f2bcf1ecf30c543a9476d520ef53ab898b912a1a69086b83cc0bb5d28c1fe
- SSDEEP
  
  3072:dDoO2LbVS5fgevom6PJiMrt+NqaDD3LP2uHv49GriBditdi16kwxZRUiaD:S3LbfGMTI3LPJPqG2Bkeia
Score

10^/10

smokeloader pub1 backdoor evasion trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Executes dropped EXE
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoorevasiontrojan

behavioral2

smokeloaderpub1backdoorevasiontrojan