smokeloader | 60168a8beef5e771e4f0682cbbc584bbbe6b7b3bbb12e6cb95eccf19796fa017 | Triage

Sharing

General

Target

60168a8beef5e771e4f0682cbbc584bbbe6b7b3bbb12e6cb95eccf19796fa017
Size

318KB
Sample

220125-xnzhnaddf5
MD5

2099f23bd4ab8b5328cb8c24a0fbd42f
SHA1

6af2d0d846c437b073795b995ab78223d830bd4a
SHA256

60168a8beef5e771e4f0682cbbc584bbbe6b7b3bbb12e6cb95eccf19796fa017
SHA512

1dbb7d365275e09202ee19df1dac93163c44b6661ca922a743557522fb802049c57bed01028be2a73adf6783554b2046e3497307d404881e4c2265d55b5e03e6

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  60168a8beef5e771e4f0682cbbc584bbbe6b7b3bbb12e6cb95eccf19796fa017
- Size
  
  318KB
- MD5
  
  2099f23bd4ab8b5328cb8c24a0fbd42f
- SHA1
  
  6af2d0d846c437b073795b995ab78223d830bd4a
- SHA256
  
  60168a8beef5e771e4f0682cbbc584bbbe6b7b3bbb12e6cb95eccf19796fa017
- SHA512
  
  1dbb7d365275e09202ee19df1dac93163c44b6661ca922a743557522fb802049c57bed01028be2a73adf6783554b2046e3497307d404881e4c2265d55b5e03e6
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan