smokeloader | 4e02e727f1caeed64b2765770829c9395c6da81aac975c702d8fd78aebb8f270 | Triage

Sharing

General

Target

4e02e727f1caeed64b2765770829c9395c6da81aac975c702d8fd78aebb8f270
Size

356KB
Sample

220126-2gam6sbcfk
MD5

5b72fe4706365d32e5b0c812f88e413c
SHA1

1feb15e94bfd6e83a05dca687c396327b555c22c
SHA256

4e02e727f1caeed64b2765770829c9395c6da81aac975c702d8fd78aebb8f270
SHA512

7fd8f16cfe0862a3e0ee2dd60fd7f2c668a259fe27ebbf889b2f329adce81a390b4a045b1c23bc66a9b2b192f07f176fcd26b76f00f2c35bb823f0fd1a313f9b

Score

10^/10

smokeloader backdoor persistence trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  4e02e727f1caeed64b2765770829c9395c6da81aac975c702d8fd78aebb8f270
- Size
  
  356KB
- MD5
  
  5b72fe4706365d32e5b0c812f88e413c
- SHA1
  
  1feb15e94bfd6e83a05dca687c396327b555c22c
- SHA256
  
  4e02e727f1caeed64b2765770829c9395c6da81aac975c702d8fd78aebb8f270
- SHA512
  
  7fd8f16cfe0862a3e0ee2dd60fd7f2c668a259fe27ebbf889b2f329adce81a390b4a045b1c23bc66a9b2b192f07f176fcd26b76f00f2c35bb823f0fd1a313f9b
Score

10^/10

smokeloader backdoor persistence trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Sets service image path in registry
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoorpersistencetrojan