smokeloader | d6cebfa001549392cfa89ef288999449190e352f41f22f8f78fbd6e65fc43e7f | Triage

Sharing

General

Target

d6cebfa001549392cfa89ef288999449190e352f41f22f8f78fbd6e65fc43e7f
Size

241KB
Sample

220126-3zmacsceg5
MD5

e161b9ac3c23a1d72800e65155b44401
SHA1

5fbbcc458668fcb769f47c4aae25ae1b65204b18
SHA256

d6cebfa001549392cfa89ef288999449190e352f41f22f8f78fbd6e65fc43e7f
SHA512

9eae73557325907d6315af1491de804c1bed109764591a65214f5b52a74a39d421d5f51e0fb4f6d7bbf3769c03ab1408c9031df7b5ae950c538622e22c7a3d9f

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  d6cebfa001549392cfa89ef288999449190e352f41f22f8f78fbd6e65fc43e7f
- Size
  
  241KB
- MD5
  
  e161b9ac3c23a1d72800e65155b44401
- SHA1
  
  5fbbcc458668fcb769f47c4aae25ae1b65204b18
- SHA256
  
  d6cebfa001549392cfa89ef288999449190e352f41f22f8f78fbd6e65fc43e7f
- SHA512
  
  9eae73557325907d6315af1491de804c1bed109764591a65214f5b52a74a39d421d5f51e0fb4f6d7bbf3769c03ab1408c9031df7b5ae950c538622e22c7a3d9f
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan