smokeloader | d0a94eee3062489f74722558e7dd98518a7efb45dc0aa4ba4a961b4076eb9653 | Triage

Sharing

General

Target

d0a94eee3062489f74722558e7dd98518a7efb45dc0aa4ba4a961b4076eb9653
Size

334KB
Sample

220126-lq9wmabgg7
MD5

2cfc1d9979604a809fbc53637c3cc529
SHA1

887f45bfa3958b9560365797ddf3e53d605a5aad
SHA256

d0a94eee3062489f74722558e7dd98518a7efb45dc0aa4ba4a961b4076eb9653
SHA512

4b3fe5c4d85d5417f7d5685f15e2188f8864f9dd231c0ae5e487bc26001bd4a78e725137cbd8b1aaa8ba7c43d397a375b4d58c63d83676eac8aca104cbfe835e

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  d0a94eee3062489f74722558e7dd98518a7efb45dc0aa4ba4a961b4076eb9653
- Size
  
  334KB
- MD5
  
  2cfc1d9979604a809fbc53637c3cc529
- SHA1
  
  887f45bfa3958b9560365797ddf3e53d605a5aad
- SHA256
  
  d0a94eee3062489f74722558e7dd98518a7efb45dc0aa4ba4a961b4076eb9653
- SHA512
  
  4b3fe5c4d85d5417f7d5685f15e2188f8864f9dd231c0ae5e487bc26001bd4a78e725137cbd8b1aaa8ba7c43d397a375b4d58c63d83676eac8aca104cbfe835e
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan