smokeloader | bd8794f0a46ee30bb80ab3a140116607812479c9daf603fb216a2d03ea7dc0c6 | Triage

Sharing

General

Target

bd8794f0a46ee30bb80ab3a140116607812479c9daf603fb216a2d03ea7dc0c6
Size

317KB
Sample

220125-jxmzbsbgaq
MD5

944c888ba0e473cc5ba9b9f056a6b8d5
SHA1

54cad712f2605bc75f9546a990b1c13ca36c46e8
SHA256

bd8794f0a46ee30bb80ab3a140116607812479c9daf603fb216a2d03ea7dc0c6
SHA512

4e11df5431d6d7145cf0e98ab1aafba2ea76b067c8a4b0530dbf005eb808f15addd918a8cf7ba1fe10edd76d63d683f02f5fd80eecb0bdf4bf7c08e756902ceb

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  bd8794f0a46ee30bb80ab3a140116607812479c9daf603fb216a2d03ea7dc0c6
- Size
  
  317KB
- MD5
  
  944c888ba0e473cc5ba9b9f056a6b8d5
- SHA1
  
  54cad712f2605bc75f9546a990b1c13ca36c46e8
- SHA256
  
  bd8794f0a46ee30bb80ab3a140116607812479c9daf603fb216a2d03ea7dc0c6
- SHA512
  
  4e11df5431d6d7145cf0e98ab1aafba2ea76b067c8a4b0530dbf005eb808f15addd918a8cf7ba1fe10edd76d63d683f02f5fd80eecb0bdf4bf7c08e756902ceb
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan