smokeloader | cb08e342249853525166643fddc704672c02771ff763fd24e08cd3cf0512bec7 | Triage

Sharing

General

Target

cb08e342249853525166643fddc704672c02771ff763fd24e08cd3cf0512bec7
Size

317KB
Sample

220125-m4felsegf2
MD5

13083e7a22ed3e2b05bcaab4f0a5f700
SHA1

eb67efee663254cabf14fd6ab27a2ae90a66621f
SHA256

cb08e342249853525166643fddc704672c02771ff763fd24e08cd3cf0512bec7
SHA512

3cf4851b2c6c84d674c7254a04863748c8c32ed027da021147c0e14abc9a28223fbe281d263f7632e50984811509a9a33108e1b5a7a68d87b5277cb25fc03601

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  cb08e342249853525166643fddc704672c02771ff763fd24e08cd3cf0512bec7
- Size
  
  317KB
- MD5
  
  13083e7a22ed3e2b05bcaab4f0a5f700
- SHA1
  
  eb67efee663254cabf14fd6ab27a2ae90a66621f
- SHA256
  
  cb08e342249853525166643fddc704672c02771ff763fd24e08cd3cf0512bec7
- SHA512
  
  3cf4851b2c6c84d674c7254a04863748c8c32ed027da021147c0e14abc9a28223fbe281d263f7632e50984811509a9a33108e1b5a7a68d87b5277cb25fc03601
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan