smokeloader | 610a0e6062444afc11c91de5cde8e5c00148453d69bb0de02d6ae1ab495365d2 | Triage

Sharing

General

Target

610a0e6062444afc11c91de5cde8e5c00148453d69bb0de02d6ae1ab495365d2
Size

318KB
Sample

220125-v326zsbgfm
MD5

6d887183952fa2d7de207e59e1a1392c
SHA1

f078c3bf6787f0f5e05f1a8ac32feea3a9e22c4e
SHA256

610a0e6062444afc11c91de5cde8e5c00148453d69bb0de02d6ae1ab495365d2
SHA512

d972cadd9469ccbd5bbb58b75b0ec8acf023284a85543ffa568f8aa67ea87aa2fd377a9544983c541fa8a25d3898c9e0d535e96e6a69c7bf93c998984c1be72c

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  610a0e6062444afc11c91de5cde8e5c00148453d69bb0de02d6ae1ab495365d2
- Size
  
  318KB
- MD5
  
  6d887183952fa2d7de207e59e1a1392c
- SHA1
  
  f078c3bf6787f0f5e05f1a8ac32feea3a9e22c4e
- SHA256
  
  610a0e6062444afc11c91de5cde8e5c00148453d69bb0de02d6ae1ab495365d2
- SHA512
  
  d972cadd9469ccbd5bbb58b75b0ec8acf023284a85543ffa568f8aa67ea87aa2fd377a9544983c541fa8a25d3898c9e0d535e96e6a69c7bf93c998984c1be72c
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan