Overview

overview

10

Static

static

3586438283...e8.exe

windows10_x64

10

Resubmissions

23-01-2022 15:53

220123-tbzq4sgbf6 10

23-01-2022 15:53

220123-tbqs7sgbbn 1

18-01-2022 08:19

220118-j7wdfsadhk 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    35864382833fc66855d298379af2a9e8.exe

  • Size

    294KB

  • Sample

    220123-tbzq4sgbf6

  • MD5

    35864382833fc66855d298379af2a9e8

  • SHA1

    7ec6bae175871ee0090c36d6a3d5edc76e0b80e9

  • SHA256

    b7ce418c53baa2aaf76c92f5bcc41f00f54976dbf12145d26e4ded625b78a5a0

  • SHA512

    86d723a3868ccad42f9ac3803f2fc7359b107a9592f78ea8f03ada1d3b94bc7f197f9b8ed5480f0bece80f93877dcf96ccde44124f5dae698470be22aa6b5bad

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/
rc4.i32
rc4.i32

Targets

    • Target

      35864382833fc66855d298379af2a9e8.exe

    • Size

      294KB

    • MD5

      35864382833fc66855d298379af2a9e8

    • SHA1

      7ec6bae175871ee0090c36d6a3d5edc76e0b80e9

    • SHA256

      b7ce418c53baa2aaf76c92f5bcc41f00f54976dbf12145d26e4ded625b78a5a0

    • SHA512

      86d723a3868ccad42f9ac3803f2fc7359b107a9592f78ea8f03ada1d3b94bc7f197f9b8ed5480f0bece80f93877dcf96ccde44124f5dae698470be22aa6b5bad

    Score
    10/10
    smokeloaderbackdoortrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks