smokeloader | ee1692ac25cd9b0619fc8ee462bd96f14e729c87963b8e0ee6bca678aa69aebe | Triage

Sharing

General

Target

ee1692ac25cd9b0619fc8ee462bd96f14e729c87963b8e0ee6bca678aa69aebe
Size

317KB
Sample

220125-zkeeesehb9
MD5

dda5109fc19bf764a2cf5cf97f01cf4f
SHA1

9059b30d5c582ddab5b28c2dff4695ccb44be8d8
SHA256

ee1692ac25cd9b0619fc8ee462bd96f14e729c87963b8e0ee6bca678aa69aebe
SHA512

ea2e6d1ecf896b023f10714aaed7629bdccdb415756772be95a1d355cd9dee7027d780e3ec457d2707b3f6f95b1e82e403c298bdb109cd4af8d42e3ee5e5c59b

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  ee1692ac25cd9b0619fc8ee462bd96f14e729c87963b8e0ee6bca678aa69aebe
- Size
  
  317KB
- MD5
  
  dda5109fc19bf764a2cf5cf97f01cf4f
- SHA1
  
  9059b30d5c582ddab5b28c2dff4695ccb44be8d8
- SHA256
  
  ee1692ac25cd9b0619fc8ee462bd96f14e729c87963b8e0ee6bca678aa69aebe
- SHA512
  
  ea2e6d1ecf896b023f10714aaed7629bdccdb415756772be95a1d355cd9dee7027d780e3ec457d2707b3f6f95b1e82e403c298bdb109cd4af8d42e3ee5e5c59b
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan