smokeloader | 6cc7ef40cf60c5ae407d64b2772cc0edcac8961603503a20fdcd94aadf413cc7 | Triage

Sharing

General

Target

6cc7ef40cf60c5ae407d64b2772cc0edcac8961603503a20fdcd94aadf413cc7
Size

317KB
Sample

220125-k925fsdad2
MD5

ffc84c911a3b5a19bcd12132fb13971e
SHA1

4a81e6d335bfa5ffb153d778b9b4ca2115842f71
SHA256

6cc7ef40cf60c5ae407d64b2772cc0edcac8961603503a20fdcd94aadf413cc7
SHA512

23d8b7303bc7e92d19a845957b372ac8859c608beb080a3c4ed2c9570a28c90c7c81173592414f1412942228763ea4c6019b460f45a95ca8648b92441d9fc90a

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  6cc7ef40cf60c5ae407d64b2772cc0edcac8961603503a20fdcd94aadf413cc7
- Size
  
  317KB
- MD5
  
  ffc84c911a3b5a19bcd12132fb13971e
- SHA1
  
  4a81e6d335bfa5ffb153d778b9b4ca2115842f71
- SHA256
  
  6cc7ef40cf60c5ae407d64b2772cc0edcac8961603503a20fdcd94aadf413cc7
- SHA512
  
  23d8b7303bc7e92d19a845957b372ac8859c608beb080a3c4ed2c9570a28c90c7c81173592414f1412942228763ea4c6019b460f45a95ca8648b92441d9fc90a
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan