smokeloader | a3016902264ec9c6e7d39fbe138cff1f5fe0cc5f07c0c8cf63cef66bc5859e53 | Triage

Sharing

General

Target

a3016902264ec9c6e7d39fbe138cff1f5fe0cc5f07c0c8cf63cef66bc5859e53
Size

241KB
Sample

220126-316qdscfb3
MD5

f54e41ec1586055f161827ac7c4c7968
SHA1

10f9cf3d52005d169722ccf39af6eee1db6a36e7
SHA256

a3016902264ec9c6e7d39fbe138cff1f5fe0cc5f07c0c8cf63cef66bc5859e53
SHA512

3a1d4c1e3fa6af9ba90a78386a789e1ce22f6ed5d514d173ee9ea90708b18a004b1987ad4766e04cad61b611522419d554c7a7b7c4fa6fc4af78db9b6bfba906

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  a3016902264ec9c6e7d39fbe138cff1f5fe0cc5f07c0c8cf63cef66bc5859e53
- Size
  
  241KB
- MD5
  
  f54e41ec1586055f161827ac7c4c7968
- SHA1
  
  10f9cf3d52005d169722ccf39af6eee1db6a36e7
- SHA256
  
  a3016902264ec9c6e7d39fbe138cff1f5fe0cc5f07c0c8cf63cef66bc5859e53
- SHA512
  
  3a1d4c1e3fa6af9ba90a78386a789e1ce22f6ed5d514d173ee9ea90708b18a004b1987ad4766e04cad61b611522419d554c7a7b7c4fa6fc4af78db9b6bfba906
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan