smokeloader | 4301c393a68e3ddf9514ac1b153eab27ac80fbf081faaa0341e115bcfce0b7df | Triage

Sharing

General

Target

4301c393a68e3ddf9514ac1b153eab27ac80fbf081faaa0341e115bcfce0b7df
Size

334KB
Sample

220126-ftvcfsggdn
MD5

fbb44457268b6efc57a7ae00838a62b8
SHA1

9504beec3ca9993d6570ff21b4284e4b22415177
SHA256

4301c393a68e3ddf9514ac1b153eab27ac80fbf081faaa0341e115bcfce0b7df
SHA512

9516e4f8ce6f0329c16f62044c1af4d1fa6769c4d9c1a44a0ca613cd98b3a6ed9e62e04bdab9e3b519d45c47abd1147a76d856ef0b5f8e94c5a9636c991bb197

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  4301c393a68e3ddf9514ac1b153eab27ac80fbf081faaa0341e115bcfce0b7df
- Size
  
  334KB
- MD5
  
  fbb44457268b6efc57a7ae00838a62b8
- SHA1
  
  9504beec3ca9993d6570ff21b4284e4b22415177
- SHA256
  
  4301c393a68e3ddf9514ac1b153eab27ac80fbf081faaa0341e115bcfce0b7df
- SHA512
  
  9516e4f8ce6f0329c16f62044c1af4d1fa6769c4d9c1a44a0ca613cd98b3a6ed9e62e04bdab9e3b519d45c47abd1147a76d856ef0b5f8e94c5a9636c991bb197
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan