smokeloader | 46fa40f135502b6cad94851a4f2ee98cb30fd772090af867eb957531052a0573 | Triage

Sharing

General

Target

46fa40f135502b6cad94851a4f2ee98cb30fd772090af867eb957531052a0573
Size

318KB
Sample

220125-p476qsgaep
MD5

02bf0331456683ec4c6a1433e55e9917
SHA1

c759ab957dd9e48c6310902fea1e3d09457429e3
SHA256

46fa40f135502b6cad94851a4f2ee98cb30fd772090af867eb957531052a0573
SHA512

f5378d2ebf5d3145646d2dbdb36fcc7b125f46a853968d78492347d9862c50807edfb53cf5e825f02f0a51da483b2ac8bd634435867d5c99b410b740d469d79a

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  46fa40f135502b6cad94851a4f2ee98cb30fd772090af867eb957531052a0573
- Size
  
  318KB
- MD5
  
  02bf0331456683ec4c6a1433e55e9917
- SHA1
  
  c759ab957dd9e48c6310902fea1e3d09457429e3
- SHA256
  
  46fa40f135502b6cad94851a4f2ee98cb30fd772090af867eb957531052a0573
- SHA512
  
  f5378d2ebf5d3145646d2dbdb36fcc7b125f46a853968d78492347d9862c50807edfb53cf5e825f02f0a51da483b2ac8bd634435867d5c99b410b740d469d79a
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan