smokeloader | ebaf378300359d6342401cbe361a9759d33bb40b38358b659d1bef961ade79be | Triage

Sharing

General

Target

ebaf378300359d6342401cbe361a9759d33bb40b38358b659d1bef961ade79be
Size

333KB
Sample

220126-whs81sgbaq
MD5

37c193001ff6d80502e257e132b93fb6
SHA1

279cc8a20c6944190c981faa4a017f7652030a7c
SHA256

ebaf378300359d6342401cbe361a9759d33bb40b38358b659d1bef961ade79be
SHA512

abb3322747c0ceb0324ff7679c5fb8ceb973100b259771e601f450dd7f2c5a77de7c8cbdfa77cf09a58b793f2601a91e79975513167f6943ed801a7c82ca6e90

Score

10^/10

smokeloader backdoor persistence trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  ebaf378300359d6342401cbe361a9759d33bb40b38358b659d1bef961ade79be
- Size
  
  333KB
- MD5
  
  37c193001ff6d80502e257e132b93fb6
- SHA1
  
  279cc8a20c6944190c981faa4a017f7652030a7c
- SHA256
  
  ebaf378300359d6342401cbe361a9759d33bb40b38358b659d1bef961ade79be
- SHA512
  
  abb3322747c0ceb0324ff7679c5fb8ceb973100b259771e601f450dd7f2c5a77de7c8cbdfa77cf09a58b793f2601a91e79975513167f6943ed801a7c82ca6e90
Score

10^/10

smokeloader backdoor persistence trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Sets service image path in registry
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoorpersistencetrojan