smokeloader | 3b2238a20bd84a7a4386955e9891893537632009954a29af03298641429d43ee | Triage

Sharing

General

Target

3b2238a20bd84a7a4386955e9891893537632009954a29af03298641429d43ee
Size

173KB
Sample

240417-r9p88aee2v
MD5

4001dc3fd442eb9ee6da1eb66c12ce8a
SHA1

723608445f4e39fd183080d20f8ad29955ed858c
SHA256

3b2238a20bd84a7a4386955e9891893537632009954a29af03298641429d43ee
SHA512

e6348a4ade88dcb3df669359a199ca0df304f0209cdf9aa858ae8983a3adc11e09e3debaa53d8a36ff73eb412e1b89550082b43ba9221ee92a2b482d1778ed34
SSDEEP

3072:lBHn67sr7BfbaD+HrCF6Vmr4nuDLciddO9WrxzH1AJrxhq2UaQ394dO+2y:lBHQsxbaDwHukidaexzH1KNhq2ro93y

Score

10^/10

smokeloader up3 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  2e08721f791305935eb167081cc4dc13b58297d3810ef998026c7a0a59f00f40.exe
- Size
  
  301KB
- MD5
  
  f127ade2e89118628ebbbd9ec1cdc39d
- SHA1
  
  6b809f9841021a85db849335cb5dade1e6803b9b
- SHA256
  
  2e08721f791305935eb167081cc4dc13b58297d3810ef998026c7a0a59f00f40
- SHA512
  
  38cf4f2b67c3daa301a5d8431b3104a278357ec44cc485f969c3b11784f070fa00be466a1e3f901edc8bb48f3e8f52c784962c082d17cf263434bfc0bb15fa11
- SSDEEP
  
  6144:R8lL2DkSZY1P0N9pWXe8/5dfTgYn79o6q:R+7SZYd1Xegn7a
Score

10^/10

smokeloader up3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

smokeloaderup3backdoortrojan

behavioral2

smokeloaderup3backdoortrojan