smokeloader

General

Target

87dd69225560d8450047f1b8536d2eeb
Size

335KB
Sample

240201-2q7dhaaban
MD5

87dd69225560d8450047f1b8536d2eeb
SHA1

67bf606b4b3b34d7ef8ac5b1953ab1a7a8e7e33b
SHA256

4c67be3bae55934bcd1d482461c9c6fcea941091d43adbcd512240f43c104b46
SHA512

6a881c7e4fbbcd169e3ff0462a27a55576ebcc7b2adca851edee6c6a00a6e0d2b75b3ea696982a47558d65dad983a128a22ab65be0d7e6da79c1762f893233cf
SSDEEP

3072:Xuc6DKv3aKonFR0RLQ2UHxqmMx/7btmA2yls2LK5JP6orhVE+R28raarSy:XujDKvWFR0BbKhMXs2iP6MDfR2C

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

0308

Extracted

Family

smokeloader

Version

2020

C2

http://readinglistforjuly1.xyz/

http://readinglistforjuly2.xyz/

http://readinglistforjuly3.xyz/

http://readinglistforjuly4.xyz/

http://readinglistforjuly5.xyz/

http://readinglistforjuly6.xyz/

http://readinglistforjuly7.xyz/

http://readinglistforjuly8.xyz/

http://readinglistforjuly9.xyz/

http://readinglistforjuly10.xyz/

http://readinglistforjuly1.site/

http://readinglistforjuly2.site/

http://readinglistforjuly3.site/

http://readinglistforjuly4.site/

http://readinglistforjuly5.site/

http://readinglistforjuly6.site/

http://readinglistforjuly7.site/

http://readinglistforjuly8.site/

http://readinglistforjuly9.site/

http://readinglistforjuly10.site/

rc4.i32

Targets

- Target
  
  87dd69225560d8450047f1b8536d2eeb
- Size
  
  335KB
- MD5
  
  87dd69225560d8450047f1b8536d2eeb
- SHA1
  
  67bf606b4b3b34d7ef8ac5b1953ab1a7a8e7e33b
- SHA256
  
  4c67be3bae55934bcd1d482461c9c6fcea941091d43adbcd512240f43c104b46
- SHA512
  
  6a881c7e4fbbcd169e3ff0462a27a55576ebcc7b2adca851edee6c6a00a6e0d2b75b3ea696982a47558d65dad983a128a22ab65be0d7e6da79c1762f893233cf
- SSDEEP
  
  3072:Xuc6DKv3aKonFR0RLQ2UHxqmMx/7btmA2yls2LK5JP6orhVE+R28raarSy:XujDKvWFR0BbKhMXs2iP6MDfR2C
Score

10^/10

smokeloader 0308 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

Executes dropped EXE

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2