smokeloader | 14c191f05cde595a31ad969434c35225b93e26e8adb955a71e3748f7a4d3d9ab | Triage

Sharing

General

Target

14c191f05cde595a31ad969434c35225b93e26e8adb955a71e3748f7a4d3d9ab
Size

333KB
Sample

220126-qps9psdbcl
MD5

497a1d973f634b04b54f1adb77950420
SHA1

f573640aca5272407134d148dc89a8c25c7094c5
SHA256

14c191f05cde595a31ad969434c35225b93e26e8adb955a71e3748f7a4d3d9ab
SHA512

3af1310c644498e259ef26c47b529b02956690d27f48b74a71d2b857c694e9508bb0b62547a157f6a6626394f358bfc1a1808c1a0024369cd870a9592aa18f9e

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  14c191f05cde595a31ad969434c35225b93e26e8adb955a71e3748f7a4d3d9ab
- Size
  
  333KB
- MD5
  
  497a1d973f634b04b54f1adb77950420
- SHA1
  
  f573640aca5272407134d148dc89a8c25c7094c5
- SHA256
  
  14c191f05cde595a31ad969434c35225b93e26e8adb955a71e3748f7a4d3d9ab
- SHA512
  
  3af1310c644498e259ef26c47b529b02956690d27f48b74a71d2b857c694e9508bb0b62547a157f6a6626394f358bfc1a1808c1a0024369cd870a9592aa18f9e
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan