smokeloader | 629b771069d2d7ac3df5c3f3ecde00651724c4635936fc3fea333844a173ef51 | Triage

Sharing

General

Target

629b771069d2d7ac3df5c3f3ecde00651724c4635936fc3fea333844a173ef51
Size

264KB
Sample

220125-t8mg2sbagn
MD5

3ff4d9500813d3fc8f44b1397cf214a1
SHA1

1bee40dd516fdb7ac5325b8d4863520dd5058906
SHA256

629b771069d2d7ac3df5c3f3ecde00651724c4635936fc3fea333844a173ef51
SHA512

56241ebe45a0de60cce00388076089a0a73e95b089c97d016eef8c4fc9e9c56af1d867dd472dd57032758c9172820be1554d72e828f8956d33c7f1baceb0501c

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  629b771069d2d7ac3df5c3f3ecde00651724c4635936fc3fea333844a173ef51
- Size
  
  264KB
- MD5
  
  3ff4d9500813d3fc8f44b1397cf214a1
- SHA1
  
  1bee40dd516fdb7ac5325b8d4863520dd5058906
- SHA256
  
  629b771069d2d7ac3df5c3f3ecde00651724c4635936fc3fea333844a173ef51
- SHA512
  
  56241ebe45a0de60cce00388076089a0a73e95b089c97d016eef8c4fc9e9c56af1d867dd472dd57032758c9172820be1554d72e828f8956d33c7f1baceb0501c
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan