smokeloader | f483847c2464fad95905c77776eae65e23f5d0ff7a406f7f6a9c9decf05c9174 | Triage

Sharing

General

Target

f483847c2464fad95905c77776eae65e23f5d0ff7a406f7f6a9c9decf05c9174
Size

264KB
Sample

220125-vbg2qsbbbk
MD5

f6b424927a4dc9dca4af3a6cd65b9f2f
SHA1

08ce93426c773bdbefd7b84e65a6a566a3cf71eb
SHA256

f483847c2464fad95905c77776eae65e23f5d0ff7a406f7f6a9c9decf05c9174
SHA512

39ee68439b7152a5d766da60ece438eb4ed16bd76e51c456cbbf99cac3b5792a54bb0a55aab6ddcb363bbef5ac96d55361def0eae995b2705dbfcb2ae5d60337

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  f483847c2464fad95905c77776eae65e23f5d0ff7a406f7f6a9c9decf05c9174
- Size
  
  264KB
- MD5
  
  f6b424927a4dc9dca4af3a6cd65b9f2f
- SHA1
  
  08ce93426c773bdbefd7b84e65a6a566a3cf71eb
- SHA256
  
  f483847c2464fad95905c77776eae65e23f5d0ff7a406f7f6a9c9decf05c9174
- SHA512
  
  39ee68439b7152a5d766da60ece438eb4ed16bd76e51c456cbbf99cac3b5792a54bb0a55aab6ddcb363bbef5ac96d55361def0eae995b2705dbfcb2ae5d60337
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan