smokeloader | ead85690a74d2d209503079910d73f202156431d8809c6b1f43f50c1395984f2 | Triage

Sharing

General

Target

ead85690a74d2d209503079910d73f202156431d8809c6b1f43f50c1395984f2
Size

264KB
Sample

220125-tnrk9sagh5
MD5

9586bd86ddfaa845b11434706b408110
SHA1

57df06275d18a4a6ca232c19cbc50324a9196c3a
SHA256

ead85690a74d2d209503079910d73f202156431d8809c6b1f43f50c1395984f2
SHA512

ee328b1e0654520eab98d5ae4204cc9ea748a7c4db0aae3e6b6851f2f50cacf92cafde310e71e4a99a73e28775e95e86405a644f39a77faf673b5c2854396837

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  ead85690a74d2d209503079910d73f202156431d8809c6b1f43f50c1395984f2
- Size
  
  264KB
- MD5
  
  9586bd86ddfaa845b11434706b408110
- SHA1
  
  57df06275d18a4a6ca232c19cbc50324a9196c3a
- SHA256
  
  ead85690a74d2d209503079910d73f202156431d8809c6b1f43f50c1395984f2
- SHA512
  
  ee328b1e0654520eab98d5ae4204cc9ea748a7c4db0aae3e6b6851f2f50cacf92cafde310e71e4a99a73e28775e95e86405a644f39a77faf673b5c2854396837
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan