smokeloader | 0031c9a5522903cafe20c92b29e0575b8ac7e61288f1e96ae6ff375562b5b83e | Triage

Sharing

General

Target

5617323472486400.zip
Size

121KB
Sample

220126-s7zkjsefhm
MD5

88eca8a881ed4611a90b94ec9c3428c8
SHA1

759f3bf783a2dd2c0d0b9e9d6276785a33a75d14
SHA256

0031c9a5522903cafe20c92b29e0575b8ac7e61288f1e96ae6ff375562b5b83e
SHA512

fb08b7e8cf05386d1e7454c6cc83666e7efd13bed34a2395396ed173fcf9e1287d22147fde8b3b83bceed85edb158dc9b45ccfcfdf80c9d76a9aecd36d5fafd3

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  40656f59ec0216e3f20e7e9f69087d38506ffb02c06ec27685bad387b11c9eea
- Size
  
  263KB
- MD5
  
  3f485dbc104937f3a8721291b2575ea8
- SHA1
  
  e19e1ecf3db0c46973aefa7dc5b68f69c01e034e
- SHA256
  
  40656f59ec0216e3f20e7e9f69087d38506ffb02c06ec27685bad387b11c9eea
- SHA512
  
  b321c90b3e169df84326e0c7b724abe8daa9910980c5bf79386ecfde3c01e899c69bc4f570700b62983e916c884b9ec57f3476c6d3052ef87ef1998b79ff9814
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan