smokeloader | 17b6334ecd165f2949bdc62521908785593f4d92634673bfa0d26c0ae1eeb760 | Triage

Sharing

General

Target

17b6334ecd165f2949bdc62521908785593f4d92634673bfa0d26c0ae1eeb760
Size

334KB
Sample

220126-lr6klabgh2
MD5

c7c6a866e1ccdfcd08198a8bcfd1fe55
SHA1

79522ad01773083d282ad98ea8d6b80b9f23e750
SHA256

17b6334ecd165f2949bdc62521908785593f4d92634673bfa0d26c0ae1eeb760
SHA512

64dfffbaa1e2df625d6eb36a2ba67b4580839b10951dbd16d1ef1ff1ea49221ac92eb97ca8ca64ca8d1d8e6c3bcba856d5aa843936a27de3cca3c7f6cec23492

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  17b6334ecd165f2949bdc62521908785593f4d92634673bfa0d26c0ae1eeb760
- Size
  
  334KB
- MD5
  
  c7c6a866e1ccdfcd08198a8bcfd1fe55
- SHA1
  
  79522ad01773083d282ad98ea8d6b80b9f23e750
- SHA256
  
  17b6334ecd165f2949bdc62521908785593f4d92634673bfa0d26c0ae1eeb760
- SHA512
  
  64dfffbaa1e2df625d6eb36a2ba67b4580839b10951dbd16d1ef1ff1ea49221ac92eb97ca8ca64ca8d1d8e6c3bcba856d5aa843936a27de3cca3c7f6cec23492
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan