smokeloader | 582a90f93b03471a18f9c2392505c80d352d6dfbabb6b6c2dbf9a50a998022ed | Triage

Sharing

General

Target

582a90f93b03471a18f9c2392505c80d352d6dfbabb6b6c2dbf9a50a998022ed
Size

334KB
Sample

220126-jd8fxsaha7
MD5

c4bdff2e28c800fbe751f8abe9d76d04
SHA1

775d2ef72a9115b48ab48112ba72460fcae751d6
SHA256

582a90f93b03471a18f9c2392505c80d352d6dfbabb6b6c2dbf9a50a998022ed
SHA512

6aa916849fdfc6df5508f75793b5c417d267fd7792dc78bf217c2a99a4a55e57cab41cb2c7436bee3f70b8623c59a31c3ecce080e59019159bf17c7f09a23023

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  582a90f93b03471a18f9c2392505c80d352d6dfbabb6b6c2dbf9a50a998022ed
- Size
  
  334KB
- MD5
  
  c4bdff2e28c800fbe751f8abe9d76d04
- SHA1
  
  775d2ef72a9115b48ab48112ba72460fcae751d6
- SHA256
  
  582a90f93b03471a18f9c2392505c80d352d6dfbabb6b6c2dbf9a50a998022ed
- SHA512
  
  6aa916849fdfc6df5508f75793b5c417d267fd7792dc78bf217c2a99a4a55e57cab41cb2c7436bee3f70b8623c59a31c3ecce080e59019159bf17c7f09a23023
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan