smokeloader | c8b07aeffdbcd006a6bab62358e07078c3fc101f26fd9e623d38c3c1279bacd4 | Triage

Sharing

General

Target

c8b07aeffdbcd006a6bab62358e07078c3fc101f26fd9e623d38c3c1279bacd4
Size

333KB
Sample

220126-tfksraehcm
MD5

7b5dc521a8b11945cd39438dfe03ad5e
SHA1

2ece5350274d78944a956c0f00a10646a5d60f0a
SHA256

c8b07aeffdbcd006a6bab62358e07078c3fc101f26fd9e623d38c3c1279bacd4
SHA512

613e643a1adcecd29eccb1fab9d48a06d6af501d1ef3ca2d9d0241408f948a4e3c686bb0d04c637a8ea5cafc65d15ff2a0cfcb87f3d1c8ed2f77b12c3b6e1280

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  c8b07aeffdbcd006a6bab62358e07078c3fc101f26fd9e623d38c3c1279bacd4
- Size
  
  333KB
- MD5
  
  7b5dc521a8b11945cd39438dfe03ad5e
- SHA1
  
  2ece5350274d78944a956c0f00a10646a5d60f0a
- SHA256
  
  c8b07aeffdbcd006a6bab62358e07078c3fc101f26fd9e623d38c3c1279bacd4
- SHA512
  
  613e643a1adcecd29eccb1fab9d48a06d6af501d1ef3ca2d9d0241408f948a4e3c686bb0d04c637a8ea5cafc65d15ff2a0cfcb87f3d1c8ed2f77b12c3b6e1280
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan