smokeloader | fe95c41e92f1497ba046f003a5de0553d2bf87d5544120ebeec23311f8c7f8e0 | Triage

Sharing

General

Target

fe95c41e92f1497ba046f003a5de0553d2bf87d5544120ebeec23311f8c7f8e0
Size

333KB
Sample

220126-jmr6asafbn
MD5

72c8e80ecc45fb13690ab3b896bb863e
SHA1

1d042e52aa1fe230533ec7436f2761e1d4838989
SHA256

fe95c41e92f1497ba046f003a5de0553d2bf87d5544120ebeec23311f8c7f8e0
SHA512

1596cf6011c2665849ffa580d4477d403cf4fdd6ff683fdb3d22b95aceb309de37561a9fcba4675af1749bf907d55b334abc4f9729105416c32495428071c8f4

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  fe95c41e92f1497ba046f003a5de0553d2bf87d5544120ebeec23311f8c7f8e0
- Size
  
  333KB
- MD5
  
  72c8e80ecc45fb13690ab3b896bb863e
- SHA1
  
  1d042e52aa1fe230533ec7436f2761e1d4838989
- SHA256
  
  fe95c41e92f1497ba046f003a5de0553d2bf87d5544120ebeec23311f8c7f8e0
- SHA512
  
  1596cf6011c2665849ffa580d4477d403cf4fdd6ff683fdb3d22b95aceb309de37561a9fcba4675af1749bf907d55b334abc4f9729105416c32495428071c8f4
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan