smokeloader | eb604fbd5f3d1fb21f3da7d10c4aa3f368607c918a811aad49f4f19354fe2ead | Triage

Sharing

General

Target

eb604fbd5f3d1fb21f3da7d10c4aa3f368607c918a811aad49f4f19354fe2ead
Size

318KB
Sample

220125-13xjdsgeh9
MD5

f81e5b1e0ef3f521ddb57d5cafb9e8f8
SHA1

5a4a821e5e890c637c0c2f92c453260f66de31b9
SHA256

eb604fbd5f3d1fb21f3da7d10c4aa3f368607c918a811aad49f4f19354fe2ead
SHA512

4b78154430ba83acf82726558ecfbdc73bd0a334b0d72318034f3347bae166bb1aa08f578d04f25b0a98636fff3748fe5a68c9fadbada199eeffe652c7dd9742

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  eb604fbd5f3d1fb21f3da7d10c4aa3f368607c918a811aad49f4f19354fe2ead
- Size
  
  318KB
- MD5
  
  f81e5b1e0ef3f521ddb57d5cafb9e8f8
- SHA1
  
  5a4a821e5e890c637c0c2f92c453260f66de31b9
- SHA256
  
  eb604fbd5f3d1fb21f3da7d10c4aa3f368607c918a811aad49f4f19354fe2ead
- SHA512
  
  4b78154430ba83acf82726558ecfbdc73bd0a334b0d72318034f3347bae166bb1aa08f578d04f25b0a98636fff3748fe5a68c9fadbada199eeffe652c7dd9742
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan