smokeloader | b0f64e103052539e013986c8884dd5101883a8f6b02f0e42216be1f9902bf48f | Triage

Sharing

General

Target

b0f64e103052539e013986c8884dd5101883a8f6b02f0e42216be1f9902bf48f
Size

317KB
Sample

220125-jnshfsbdfl
MD5

cb7949946e09f956b7e983a0bd22e7e4
SHA1

9e4a562b893299f7194969322e08efbd1c7c364e
SHA256

b0f64e103052539e013986c8884dd5101883a8f6b02f0e42216be1f9902bf48f
SHA512

2accdc1e0c395680469dd7bab24a59fdb4525a696cb1f734599ff8f0a27f114527e7bb344e5d5306d5938fba948fe1f28a5733d5cb38e9354ce7b56ac85ec4d5

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  b0f64e103052539e013986c8884dd5101883a8f6b02f0e42216be1f9902bf48f
- Size
  
  317KB
- MD5
  
  cb7949946e09f956b7e983a0bd22e7e4
- SHA1
  
  9e4a562b893299f7194969322e08efbd1c7c364e
- SHA256
  
  b0f64e103052539e013986c8884dd5101883a8f6b02f0e42216be1f9902bf48f
- SHA512
  
  2accdc1e0c395680469dd7bab24a59fdb4525a696cb1f734599ff8f0a27f114527e7bb344e5d5306d5938fba948fe1f28a5733d5cb38e9354ce7b56ac85ec4d5
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan