smokeloader | b49a3c4014b5f14b7a74940544da4f8a7e863895f000c3588f617f2a07557b36 | Triage

Sharing

General

Target

b49a3c4014b5f14b7a74940544da4f8a7e863895f000c3588f617f2a07557b36
Size

317KB
Sample

220125-g7499aadd6
MD5

92709b8d26b007a19e52bc1112f6e56c
SHA1

1c3af545cecc76fb51e7df05174537f86db04407
SHA256

b49a3c4014b5f14b7a74940544da4f8a7e863895f000c3588f617f2a07557b36
SHA512

4e6e394e5fda16ebc75c2487794850181e1f6c8458d39702b3f7b9b02c72c0521e473d3301ea134a936930b0e16b1f0901ff05fb10bad8e844701bcea0dff72a

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  b49a3c4014b5f14b7a74940544da4f8a7e863895f000c3588f617f2a07557b36
- Size
  
  317KB
- MD5
  
  92709b8d26b007a19e52bc1112f6e56c
- SHA1
  
  1c3af545cecc76fb51e7df05174537f86db04407
- SHA256
  
  b49a3c4014b5f14b7a74940544da4f8a7e863895f000c3588f617f2a07557b36
- SHA512
  
  4e6e394e5fda16ebc75c2487794850181e1f6c8458d39702b3f7b9b02c72c0521e473d3301ea134a936930b0e16b1f0901ff05fb10bad8e844701bcea0dff72a
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan