smokeloader | 01bae7437041c044adf52438b49af874482298db7b5e88143c9e6f8ede393abd | Triage

Sharing

General

Target

01bae7437041c044adf52438b49af874482298db7b5e88143c9e6f8ede393abd
Size

333KB
Sample

220126-fsj54aggar
MD5

81977e49638a8e8512466521b3907ebf
SHA1

ef04db6fa35033a7c5962b4a5bf0edc29304cd53
SHA256

01bae7437041c044adf52438b49af874482298db7b5e88143c9e6f8ede393abd
SHA512

aa6613cf02406ba67cee103c53e02093667cab49255ab2c7bdba4da63a1061398d5cb689fe0f2bbce56a74900122e2fb524170a78fbb632ce1a0eebd0bdc1735

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  01bae7437041c044adf52438b49af874482298db7b5e88143c9e6f8ede393abd
- Size
  
  333KB
- MD5
  
  81977e49638a8e8512466521b3907ebf
- SHA1
  
  ef04db6fa35033a7c5962b4a5bf0edc29304cd53
- SHA256
  
  01bae7437041c044adf52438b49af874482298db7b5e88143c9e6f8ede393abd
- SHA512
  
  aa6613cf02406ba67cee103c53e02093667cab49255ab2c7bdba4da63a1061398d5cb689fe0f2bbce56a74900122e2fb524170a78fbb632ce1a0eebd0bdc1735
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan