smokeloader | 9a23805b493744d541cc279f7676d724e7a0f2824612fc9393c68d49ea2eb384 | Triage

Sharing

General

Target

9a23805b493744d541cc279f7676d724e7a0f2824612fc9393c68d49ea2eb384
Size

201KB
Sample

240213-2yr9jsce52
MD5

0fe9a166d791f5dea93fe2bf4d1facb6
SHA1

2b67d1c2a392bb3e66b2e20902930996c4ce640d
SHA256

9a23805b493744d541cc279f7676d724e7a0f2824612fc9393c68d49ea2eb384
SHA512

952089bd3079cefb44e86fe7fc2e6be95221807a379948713e6b9022db9e24a3228780b2a2b400634af6d7c0345b368cf64dbae55dfdaef3bc5c7ce755cf35c4
SSDEEP

6144:T6WLbZAkKGQiE4JwW9feH1jD73NWsEnTRa:3/ZAT9FoN9EjP9W5n

Score

10^/10

smokeloader up3 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  9a23805b493744d541cc279f7676d724e7a0f2824612fc9393c68d49ea2eb384
- Size
  
  201KB
- MD5
  
  0fe9a166d791f5dea93fe2bf4d1facb6
- SHA1
  
  2b67d1c2a392bb3e66b2e20902930996c4ce640d
- SHA256
  
  9a23805b493744d541cc279f7676d724e7a0f2824612fc9393c68d49ea2eb384
- SHA512
  
  952089bd3079cefb44e86fe7fc2e6be95221807a379948713e6b9022db9e24a3228780b2a2b400634af6d7c0345b368cf64dbae55dfdaef3bc5c7ce755cf35c4
- SSDEEP
  
  6144:T6WLbZAkKGQiE4JwW9feH1jD73NWsEnTRa:3/ZAT9FoN9EjP9W5n
Score

10^/10

smokeloader up3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

smokeloaderup3backdoortrojan

behavioral2

smokeloaderup3backdoortrojan