smokeloader | 182d8c325b63819e85ae976ec2b91211eb554333d1d5fdc21d99f77737f4eecf | Triage

Sharing

General

Target

182d8c325b63819e85ae976ec2b91211eb554333d1d5fdc21d99f77737f4eecf
Size

318KB
Sample

220125-w9h75acgan
MD5

3de9203eef366d23f9d05d500457eff7
SHA1

01d80b33a0e6baa0f899b5165fb9ac2f9c7b1e5c
SHA256

182d8c325b63819e85ae976ec2b91211eb554333d1d5fdc21d99f77737f4eecf
SHA512

4dcfec5cb57d16f3db44c3189746a24284c4120529510bc34d726bc7962975a4a0a6c4866221aadc42b1298b57ff830e4b58377b9c9e2a1616210297a88ba2e3

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  182d8c325b63819e85ae976ec2b91211eb554333d1d5fdc21d99f77737f4eecf
- Size
  
  318KB
- MD5
  
  3de9203eef366d23f9d05d500457eff7
- SHA1
  
  01d80b33a0e6baa0f899b5165fb9ac2f9c7b1e5c
- SHA256
  
  182d8c325b63819e85ae976ec2b91211eb554333d1d5fdc21d99f77737f4eecf
- SHA512
  
  4dcfec5cb57d16f3db44c3189746a24284c4120529510bc34d726bc7962975a4a0a6c4866221aadc42b1298b57ff830e4b58377b9c9e2a1616210297a88ba2e3
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan