smokeloader | 908d9d9749f14875270f9189eb235babb7283e3762f3e6eefac175f5905f8577 | Triage

Sharing

General

Target

908d9d9749f14875270f9189eb235babb7283e3762f3e6eefac175f5905f8577
Size

317KB
Sample

220125-x1qraadcfq
MD5

f2ffaf4dc6f4743cfdd1b70672161016
SHA1

6f2053ddf79a59e54fc23e3d33e5cf212581ed29
SHA256

908d9d9749f14875270f9189eb235babb7283e3762f3e6eefac175f5905f8577
SHA512

3cd16ab42786d8e377131b916c6826f610746dd9059f99549ba7d2b202b5c45a991815a6699f2d051b010cf31036f995d29140a11138b682cc8cae04443b3bd3

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  908d9d9749f14875270f9189eb235babb7283e3762f3e6eefac175f5905f8577
- Size
  
  317KB
- MD5
  
  f2ffaf4dc6f4743cfdd1b70672161016
- SHA1
  
  6f2053ddf79a59e54fc23e3d33e5cf212581ed29
- SHA256
  
  908d9d9749f14875270f9189eb235babb7283e3762f3e6eefac175f5905f8577
- SHA512
  
  3cd16ab42786d8e377131b916c6826f610746dd9059f99549ba7d2b202b5c45a991815a6699f2d051b010cf31036f995d29140a11138b682cc8cae04443b3bd3
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan