smokeloader | a95f194e921555f4b2c64675c12c0fe22d74a145c298274fe48700a9791f0dcc | Triage

Sharing

General

Target

a95f194e921555f4b2c64675c12c0fe22d74a145c298274fe48700a9791f0dcc
Size

317KB
Sample

220125-2zed3shce8
MD5

de6336b5b2b52add05e25d94a7b297c3
SHA1

943f4ca68bd78535f6038a7d1fc14623588b1e18
SHA256

a95f194e921555f4b2c64675c12c0fe22d74a145c298274fe48700a9791f0dcc
SHA512

0bd11a4fa25554e2193aff435d3fd847056991e249ff70cb27186b69da9d6c9bb33c09e8f030a8713fc7e6b534abc67f752adfe8e2441157a135b02379c6f27b

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  a95f194e921555f4b2c64675c12c0fe22d74a145c298274fe48700a9791f0dcc
- Size
  
  317KB
- MD5
  
  de6336b5b2b52add05e25d94a7b297c3
- SHA1
  
  943f4ca68bd78535f6038a7d1fc14623588b1e18
- SHA256
  
  a95f194e921555f4b2c64675c12c0fe22d74a145c298274fe48700a9791f0dcc
- SHA512
  
  0bd11a4fa25554e2193aff435d3fd847056991e249ff70cb27186b69da9d6c9bb33c09e8f030a8713fc7e6b534abc67f752adfe8e2441157a135b02379c6f27b
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan