Overview

overview

10

Static

static

e850a48500...cb.exe

windows7_x64

10

e850a48500...cb.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e850a485000a01b93df0aeffdb76cecb.exe

  • Size

    333KB

  • Sample

    220126-pqmymsdbg6

  • MD5

    e850a485000a01b93df0aeffdb76cecb

  • SHA1

    b4e2104d8f15f0797f2e72166db1b87f432110e7

  • SHA256

    5b1596833c21b5c703e8939458fea7af7de21359db5fa9abf995a080d9ceebb4

  • SHA512

    d5e3833ff9a8f20ffca3c85611a222fb55f299cdc9df23420d3f0ca97c3fe2d33d643d20865b6f4e14faeca0a780672130cabea3084e3638b2645d56e71b90c8

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/
rc4.i32
rc4.i32

Targets

    • Target

      e850a485000a01b93df0aeffdb76cecb.exe

    • Size

      333KB

    • MD5

      e850a485000a01b93df0aeffdb76cecb

    • SHA1

      b4e2104d8f15f0797f2e72166db1b87f432110e7

    • SHA256

      5b1596833c21b5c703e8939458fea7af7de21359db5fa9abf995a080d9ceebb4

    • SHA512

      d5e3833ff9a8f20ffca3c85611a222fb55f299cdc9df23420d3f0ca97c3fe2d33d643d20865b6f4e14faeca0a780672130cabea3084e3638b2645d56e71b90c8

    Score
    10/10
    smokeloaderbackdoortrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks