smokeloader | 88c2b8fe4ee55379b62564581662e246ca0ed76cd9894222d1cbc832bf7fc1ca | Triage

Sharing

General

Target

88c2b8fe4ee55379b62564581662e246ca0ed76cd9894222d1cbc832bf7fc1ca
Size

264KB
Sample

220125-swfcjaabh2
MD5

531da830bb5d9731e7f495e1f810a18b
SHA1

6ef9478f628dd086d3b4bc439ddad628e7bbd2be
SHA256

88c2b8fe4ee55379b62564581662e246ca0ed76cd9894222d1cbc832bf7fc1ca
SHA512

3ddbb339bca48925f72d9d924be69d5c9a0d72360d005e992b2397138bb740756c480fa632c663c53bf4ce5570b4352b35ea5bc234fa1172f3aff0b5ae01690a

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  88c2b8fe4ee55379b62564581662e246ca0ed76cd9894222d1cbc832bf7fc1ca
- Size
  
  264KB
- MD5
  
  531da830bb5d9731e7f495e1f810a18b
- SHA1
  
  6ef9478f628dd086d3b4bc439ddad628e7bbd2be
- SHA256
  
  88c2b8fe4ee55379b62564581662e246ca0ed76cd9894222d1cbc832bf7fc1ca
- SHA512
  
  3ddbb339bca48925f72d9d924be69d5c9a0d72360d005e992b2397138bb740756c480fa632c663c53bf4ce5570b4352b35ea5bc234fa1172f3aff0b5ae01690a
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan