smokeloader | 0d60f1b8aec8c0e0b5b9304fb6d7af7580802f65e3b9e0de043faa54240e8dac | Triage

Sharing

General

Target

0d60f1b8aec8c0e0b5b9304fb6d7af7580802f65e3b9e0de043faa54240e8dac
Size

152KB
Sample

240417-sazjaadb45
MD5

0b1324bf98988b0fdba9a7d3fdd4c06a
SHA1

9ad3caf475e25661140cf49bcd6aa3d41a5db6b6
SHA256

0d60f1b8aec8c0e0b5b9304fb6d7af7580802f65e3b9e0de043faa54240e8dac
SHA512

4ef4e9459e56f6ef6e54bfba902cf5e04adedb3a1c42151b9ba9a9fdbfc439ff2d525b76176a68e94202ca39723fffea2c587045566e1495d25669e7223e42fb
SSDEEP

3072:U+6h6aLyDVpsdk7XBEfQtHFRhjlSdbPT0E45VuG9fNM:U+6h6RDzsiBEItljl4bwEirS

Score

10^/10

smokeloader pub1 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  a8905ed9ed1f5b9d74cee3da53ebc0a21af8cbcbf86504ac52f4234cc54c60e1.exe
- Size
  
  240KB
- MD5
  
  a70beab441000bc91a25aae31cd41f62
- SHA1
  
  a699eb42f5554c1239ea1fa7cce7dff7dedbed20
- SHA256
  
  a8905ed9ed1f5b9d74cee3da53ebc0a21af8cbcbf86504ac52f4234cc54c60e1
- SHA512
  
  455d61785100673a2c4078bf360f18ce4429f5d6b37e4d1ea5416b3c9cf2cfa868eea70246d62a94bf8b786a6e3d748db2828aaf5e15a016c91760c8741d671f
- SSDEEP
  
  3072:mfULUw/RZ6NlXJLJd/77ai8biDLtKJVoujY+ZIgvLufhgeRp:mfULzRZ6zXJLJd/77pwMmVTYgege
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan

behavioral2

smokeloaderpub1backdoortrojan