smokeloader | 086491bebac8a56d7da2e01a7061b1db88d060b1f2a53ab6be324396a2ce5ee3 | Triage

Sharing

General

Target

086491bebac8a56d7da2e01a7061b1db88d060b1f2a53ab6be324396a2ce5ee3
Size

264KB
Sample

220125-sstezsabc7
MD5

685f816724017aa6b2335aa7ed44fd16
SHA1

3e8ae9e1f743f17449fc9266eb7d2fd2e3fbec45
SHA256

086491bebac8a56d7da2e01a7061b1db88d060b1f2a53ab6be324396a2ce5ee3
SHA512

90a43735ba64b7957f73e1997deece34b7d2f15a98ea3ee7fdc3a2d0f91b9cc2cb96f8555f7c9c9f6d6baa4add91ec80c38bf9030b756021c3df4911e1e0bf9d

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  086491bebac8a56d7da2e01a7061b1db88d060b1f2a53ab6be324396a2ce5ee3
- Size
  
  264KB
- MD5
  
  685f816724017aa6b2335aa7ed44fd16
- SHA1
  
  3e8ae9e1f743f17449fc9266eb7d2fd2e3fbec45
- SHA256
  
  086491bebac8a56d7da2e01a7061b1db88d060b1f2a53ab6be324396a2ce5ee3
- SHA512
  
  90a43735ba64b7957f73e1997deece34b7d2f15a98ea3ee7fdc3a2d0f91b9cc2cb96f8555f7c9c9f6d6baa4add91ec80c38bf9030b756021c3df4911e1e0bf9d
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan