smokeloader | 378a0517d54f3474d66179b49fefcd080e062926a8ce769e30f943f76730c942 | Triage

Sharing

General

Target

378a0517d54f3474d66179b49fefcd080e062926a8ce769e30f943f76730c942
Size

129KB
Sample

240417-sbfgssef3z
MD5

cde60b9706f4e5d9c4dfc68816ad3a40
SHA1

0dba33917605b19f6f4ffe49484c780a9ef21e65
SHA256

378a0517d54f3474d66179b49fefcd080e062926a8ce769e30f943f76730c942
SHA512

f4aef5eca01e814f31d83ce6f38714cec1b5cd717785d49358d363b9eae0d4f9e2ddb726625b3ec096892cbea9f20f2b0b06b425a53896278f923e929bd8e17e
SSDEEP

3072:nSWVFdCo0zXafyvo/xZJpAFW1SpY5pX8Je:PJCXXaTPAU1j5pMJe

Score

10^/10

smokeloader pub1 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  9c98f0f798b53d28919e7c8f7331619c509e24045d1f4dd192f86f2a6115d483.exe
- Size
  
  203KB
- MD5
  
  7b2592bee2a2b4cfb28502892c619612
- SHA1
  
  c4477fef847e926783d54efb7c577fdb8d2407f9
- SHA256
  
  9c98f0f798b53d28919e7c8f7331619c509e24045d1f4dd192f86f2a6115d483
- SHA512
  
  c9527802e2d80f8f226471fc1d0791dea2efc29e51eba03c2525defc6d6be41e8b8f2bcf1ecf30c543a9476d520ef53ab898b912a1a69086b83cc0bb5d28c1fe
- SSDEEP
  
  3072:dDoO2LbVS5fgevom6PJiMrt+NqaDD3LP2uHv49GriBditdi16kwxZRUiaD:S3LbfGMTI3LPJPqG2Bkeia
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan

behavioral2

smokeloaderpub1backdoortrojan