smokeloader | 86e852ec39e24a821d0779857ad411a101d3e353d6782c238fc778b0bb12c0c7 | Triage

Sharing

General

Target

86e852ec39e24a821d0779857ad411a101d3e353d6782c238fc778b0bb12c0c7
Size

357KB
Sample

220126-2rpvvabdhj
MD5

e55d57e798bd86dd4786e0327d0b6411
SHA1

6b888c98158463f0a6ce9d0722c0ea8bfab1e223
SHA256

86e852ec39e24a821d0779857ad411a101d3e353d6782c238fc778b0bb12c0c7
SHA512

a1590c1d377dc9ccbaacb19f866a8755087830739e07c0289a1d0e2baebaef700497479b03abcc8b5c97d65094da420bd604d35085a760d105e036e94edd4f17

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  86e852ec39e24a821d0779857ad411a101d3e353d6782c238fc778b0bb12c0c7
- Size
  
  357KB
- MD5
  
  e55d57e798bd86dd4786e0327d0b6411
- SHA1
  
  6b888c98158463f0a6ce9d0722c0ea8bfab1e223
- SHA256
  
  86e852ec39e24a821d0779857ad411a101d3e353d6782c238fc778b0bb12c0c7
- SHA512
  
  a1590c1d377dc9ccbaacb19f866a8755087830739e07c0289a1d0e2baebaef700497479b03abcc8b5c97d65094da420bd604d35085a760d105e036e94edd4f17
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan