smokeloader | aca04a14497073faafb60565c04b170988ec91c93952c7e9401d63156a477ccc | Triage

Sharing

General

Target

aca04a14497073faafb60565c04b170988ec91c93952c7e9401d63156a477ccc
Size

317KB
Sample

220125-j2jgpsbghl
MD5

fbcf4e4b6e3bcd555ad2133be98239c2
SHA1

720033f26905a78402df4e2d9d1008f6eea1d99d
SHA256

aca04a14497073faafb60565c04b170988ec91c93952c7e9401d63156a477ccc
SHA512

0e1138e6aa098c52c72df30394cfc7228a30305c42e13a898a382ab702f03f73bb5a2147194031ff273fa825fc3a7c0c8971b96a9dac8dd2f5cdbe6deabe7abb

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  aca04a14497073faafb60565c04b170988ec91c93952c7e9401d63156a477ccc
- Size
  
  317KB
- MD5
  
  fbcf4e4b6e3bcd555ad2133be98239c2
- SHA1
  
  720033f26905a78402df4e2d9d1008f6eea1d99d
- SHA256
  
  aca04a14497073faafb60565c04b170988ec91c93952c7e9401d63156a477ccc
- SHA512
  
  0e1138e6aa098c52c72df30394cfc7228a30305c42e13a898a382ab702f03f73bb5a2147194031ff273fa825fc3a7c0c8971b96a9dac8dd2f5cdbe6deabe7abb
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan