smokeloader | 448bfa5b494cd4b1cfbe4a3e493aa5cbe4ac7e7980608e688f394045d61963ec | Triage

Sharing

General

Target

448bfa5b494cd4b1cfbe4a3e493aa5cbe4ac7e7980608e688f394045d61963ec
Size

264KB
Sample

220125-swmfvaabh3
MD5

08f9bea57c5f3354f37bfb354468f66e
SHA1

7ccc45f69f10b5c8359f4b8622d4be455d605f41
SHA256

448bfa5b494cd4b1cfbe4a3e493aa5cbe4ac7e7980608e688f394045d61963ec
SHA512

e44d0d92270c21dffae70a50cfc25cf4686c6c32d4cfe06d1287e7670fc9c6c3daba7250aaad9753264a6ca7aeea49c60e8d8e9127b7c0048ffcc7ed856257cc

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  448bfa5b494cd4b1cfbe4a3e493aa5cbe4ac7e7980608e688f394045d61963ec
- Size
  
  264KB
- MD5
  
  08f9bea57c5f3354f37bfb354468f66e
- SHA1
  
  7ccc45f69f10b5c8359f4b8622d4be455d605f41
- SHA256
  
  448bfa5b494cd4b1cfbe4a3e493aa5cbe4ac7e7980608e688f394045d61963ec
- SHA512
  
  e44d0d92270c21dffae70a50cfc25cf4686c6c32d4cfe06d1287e7670fc9c6c3daba7250aaad9753264a6ca7aeea49c60e8d8e9127b7c0048ffcc7ed856257cc
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan