smokeloader | 048db445bc84e7a3ccb94098e043df99752344c0d41da2b8594eae8dc40cd1b2 | Triage

Sharing

General

Target

048db445bc84e7a3ccb94098e043df99752344c0d41da2b8594eae8dc40cd1b2
Size

317KB
Sample

220125-lgwbwadca7
MD5

f278ddb06207d8c46951b3e3d55f9c26
SHA1

7b6c9e568ee54a64e5cbeed1dd0e1fcedd551603
SHA256

048db445bc84e7a3ccb94098e043df99752344c0d41da2b8594eae8dc40cd1b2
SHA512

68277d5f2ad477ab09162d923e134f31b3b67e1a1d5ffe1cbe5be9e48a26f4b3a32916563ffec2b1df145bd346bd6c9bdaab1495a3e9d873a212a07bf4fcfd69

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  048db445bc84e7a3ccb94098e043df99752344c0d41da2b8594eae8dc40cd1b2
- Size
  
  317KB
- MD5
  
  f278ddb06207d8c46951b3e3d55f9c26
- SHA1
  
  7b6c9e568ee54a64e5cbeed1dd0e1fcedd551603
- SHA256
  
  048db445bc84e7a3ccb94098e043df99752344c0d41da2b8594eae8dc40cd1b2
- SHA512
  
  68277d5f2ad477ab09162d923e134f31b3b67e1a1d5ffe1cbe5be9e48a26f4b3a32916563ffec2b1df145bd346bd6c9bdaab1495a3e9d873a212a07bf4fcfd69
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan