smokeloader

General

Target

99ec7b8d3088ed88905be149bddecc62
Size

202KB
Sample

240213-xywjrahc55
MD5

99ec7b8d3088ed88905be149bddecc62
SHA1

4d059eca95c323abb6259150545512be0e6ee741
SHA256

9d4306483d7f9aa28e5a20b9d82c75a1403d5cfd2ccfd52866dc4a9de9776ea3
SHA512

23a549f78edae15ba7952929eecc6b66930060ce5fd98fcc2e8f597c97eb60a31e8555323529b8c86b4af794c7ac27284209b863cca4aa87439c4b66adff3571
SSDEEP

3072:b0XNtEXmtswUc8iUIyYLASXoZb155uK1dFKGXOauuYBK:2QwUc8iU3+jXoTuA9uq

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

0608

Extracted

Family

smokeloader

Version

2020

C2

http://readinglistforjuly1.xyz/

http://readinglistforjuly2.xyz/

http://readinglistforjuly3.xyz/

http://readinglistforjuly4.xyz/

http://readinglistforjuly5.xyz/

http://readinglistforjuly6.xyz/

http://readinglistforjuly7.xyz/

http://readinglistforjuly8.xyz/

http://readinglistforjuly9.xyz/

http://readinglistforjuly10.xyz/

http://readinglistforjuly1.site/

http://readinglistforjuly2.site/

http://readinglistforjuly3.site/

http://readinglistforjuly4.site/

http://readinglistforjuly5.site/

http://readinglistforjuly6.site/

http://readinglistforjuly7.site/

http://readinglistforjuly8.site/

http://readinglistforjuly9.site/

http://readinglistforjuly10.site/

rc4.i32

Targets

- Target
  
  99ec7b8d3088ed88905be149bddecc62
- Size
  
  202KB
- MD5
  
  99ec7b8d3088ed88905be149bddecc62
- SHA1
  
  4d059eca95c323abb6259150545512be0e6ee741
- SHA256
  
  9d4306483d7f9aa28e5a20b9d82c75a1403d5cfd2ccfd52866dc4a9de9776ea3
- SHA512
  
  23a549f78edae15ba7952929eecc6b66930060ce5fd98fcc2e8f597c97eb60a31e8555323529b8c86b4af794c7ac27284209b863cca4aa87439c4b66adff3571
- SSDEEP
  
  3072:b0XNtEXmtswUc8iUIyYLASXoZb155uK1dFKGXOauuYBK:2QwUc8iU3+jXoTuA9uq
Score

10^/10

smokeloader 0608 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2