smokeloader | f8e28e363d9875bcdfbf169c4c924a69e3cc5c7b0f508106b42082a967ed221e | Triage

Sharing

General

Target

f8e28e363d9875bcdfbf169c4c924a69e3cc5c7b0f508106b42082a967ed221e
Size

317KB
Sample

220125-vz1tracad8
MD5

f4bee27d69a366085fd0b18f899c5329
SHA1

e057d348efe428e71681c60df844286a412637da
SHA256

f8e28e363d9875bcdfbf169c4c924a69e3cc5c7b0f508106b42082a967ed221e
SHA512

fdad3423a3cebca862d9d0cc1b302d122133d6a734cae564ddb02ebe911c7aab75e858d8529d5be9f468aa4056d8fadeef3b96ea1a5d48cf04ed6889a6574f88

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  f8e28e363d9875bcdfbf169c4c924a69e3cc5c7b0f508106b42082a967ed221e
- Size
  
  317KB
- MD5
  
  f4bee27d69a366085fd0b18f899c5329
- SHA1
  
  e057d348efe428e71681c60df844286a412637da
- SHA256
  
  f8e28e363d9875bcdfbf169c4c924a69e3cc5c7b0f508106b42082a967ed221e
- SHA512
  
  fdad3423a3cebca862d9d0cc1b302d122133d6a734cae564ddb02ebe911c7aab75e858d8529d5be9f468aa4056d8fadeef3b96ea1a5d48cf04ed6889a6574f88
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan