smokeloader | d75677ca0c61ea5889b1d06d63c7622b2fc3393d51f78f0dfb9e41b7a470cd90 | Triage

Sharing

General

Target

d75677ca0c61ea5889b1d06d63c7622b2fc3393d51f78f0dfb9e41b7a470cd90
Size

357KB
Sample

220126-3j77wscch3
MD5

dd7f02d46d26f8bece55a29fd7dcb904
SHA1

23939e56d13583235dcf9fbc079bbebd9ecaab41
SHA256

d75677ca0c61ea5889b1d06d63c7622b2fc3393d51f78f0dfb9e41b7a470cd90
SHA512

7ecbb86f41fbdf91e50f30a9d0bce50b229f093949d920835df6d9e8b0ac449de2390b7802800e71da3b7525fa1154fadc746ed8ebb5f96d90423379af72f48d

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  d75677ca0c61ea5889b1d06d63c7622b2fc3393d51f78f0dfb9e41b7a470cd90
- Size
  
  357KB
- MD5
  
  dd7f02d46d26f8bece55a29fd7dcb904
- SHA1
  
  23939e56d13583235dcf9fbc079bbebd9ecaab41
- SHA256
  
  d75677ca0c61ea5889b1d06d63c7622b2fc3393d51f78f0dfb9e41b7a470cd90
- SHA512
  
  7ecbb86f41fbdf91e50f30a9d0bce50b229f093949d920835df6d9e8b0ac449de2390b7802800e71da3b7525fa1154fadc746ed8ebb5f96d90423379af72f48d
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan