smokeloader | fc0c1e4dbc4cb98397b0398236210fb5483f58c38b016165bf20615b6611c4cb | Triage

Sharing

General

Target

fc0c1e4dbc4cb98397b0398236210fb5483f58c38b016165bf20615b6611c4cb
Size

333KB
Sample

220126-bhklnabgh8
MD5

09bea40d88954b38cd495cb5ae0a8050
SHA1

241ccb105f90b19bd4f33f0fb2bc15b61d5c8288
SHA256

fc0c1e4dbc4cb98397b0398236210fb5483f58c38b016165bf20615b6611c4cb
SHA512

c57a04cd4e1adb78d4bff1892631f773909ef39b2f02715b77dad119c0df5d9e09688b510c58ba4b85109cf88710ead6df7cdcc99846d884052226f3f55e27d9

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  fc0c1e4dbc4cb98397b0398236210fb5483f58c38b016165bf20615b6611c4cb
- Size
  
  333KB
- MD5
  
  09bea40d88954b38cd495cb5ae0a8050
- SHA1
  
  241ccb105f90b19bd4f33f0fb2bc15b61d5c8288
- SHA256
  
  fc0c1e4dbc4cb98397b0398236210fb5483f58c38b016165bf20615b6611c4cb
- SHA512
  
  c57a04cd4e1adb78d4bff1892631f773909ef39b2f02715b77dad119c0df5d9e09688b510c58ba4b85109cf88710ead6df7cdcc99846d884052226f3f55e27d9
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan