smokeloader | 459f8a4eea71b3a059fd8373f8a698720e8f45e11ab3345d42c39fcb6274e143 | Triage

Sharing

General

Target

459f8a4eea71b3a059fd8373f8a698720e8f45e11ab3345d42c39fcb6274e143
Size

318KB
Sample

220125-m3m33aegd7
MD5

f738c7ce4db9aeca88458dcb36b7ed73
SHA1

c16265a2ee030eae1e30bde59b3ad53dc2734b77
SHA256

459f8a4eea71b3a059fd8373f8a698720e8f45e11ab3345d42c39fcb6274e143
SHA512

93a06b4cb9118f0731ac83b223595a83d401b2798e347af877af21a84f9c6ab258a4777b381ba08865fcaa7bfcaf9185679c44ee7e854efd7ec9e23f56ec616f

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  459f8a4eea71b3a059fd8373f8a698720e8f45e11ab3345d42c39fcb6274e143
- Size
  
  318KB
- MD5
  
  f738c7ce4db9aeca88458dcb36b7ed73
- SHA1
  
  c16265a2ee030eae1e30bde59b3ad53dc2734b77
- SHA256
  
  459f8a4eea71b3a059fd8373f8a698720e8f45e11ab3345d42c39fcb6274e143
- SHA512
  
  93a06b4cb9118f0731ac83b223595a83d401b2798e347af877af21a84f9c6ab258a4777b381ba08865fcaa7bfcaf9185679c44ee7e854efd7ec9e23f56ec616f
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan