smokeloader | 520fe5762b27b85fc461a6043834f0f7cf9bcac1f957fccf3c205982c4769f69 | Triage

Sharing

General

Target

520fe5762b27b85fc461a6043834f0f7cf9bcac1f957fccf3c205982c4769f69
Size

317KB
Sample

220125-ptcxvafggk
MD5

62d706e9c0df4608279ad00bba12637e
SHA1

eca31b2e019c69d19bf20df42f0ebeea05ca74e6
SHA256

520fe5762b27b85fc461a6043834f0f7cf9bcac1f957fccf3c205982c4769f69
SHA512

8193fcdec85120c2fe034cf77823f05f66005d1884463bd6c04ebeaabc5098171d79d2d1d1e64b9b45cb108a7edaed1ddbc36ae28938bb0540e14b9a517fa3aa

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  520fe5762b27b85fc461a6043834f0f7cf9bcac1f957fccf3c205982c4769f69
- Size
  
  317KB
- MD5
  
  62d706e9c0df4608279ad00bba12637e
- SHA1
  
  eca31b2e019c69d19bf20df42f0ebeea05ca74e6
- SHA256
  
  520fe5762b27b85fc461a6043834f0f7cf9bcac1f957fccf3c205982c4769f69
- SHA512
  
  8193fcdec85120c2fe034cf77823f05f66005d1884463bd6c04ebeaabc5098171d79d2d1d1e64b9b45cb108a7edaed1ddbc36ae28938bb0540e14b9a517fa3aa
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan