smokeloader | 81a2ccab7182a85da858ba37093af6b46a376706a4feff089c171128aaf747eb | Triage

Sharing

General

Target

81a2ccab7182a85da858ba37093af6b46a376706a4feff089c171128aaf747eb
Size

333KB
Sample

220126-y3r8kahhdq
MD5

159c7b103c04e054c8c3c08f5bd663df
SHA1

9bca4411aae658e96b4c761ca776d367566f25af
SHA256

81a2ccab7182a85da858ba37093af6b46a376706a4feff089c171128aaf747eb
SHA512

e6c08333ce4b0f45934e25a45f585a903e4c7365de8dae62dc4b3247220a867d08b3ec316743e6102584ed0d2d67e81d0e6c3d66ab2cc17b5c3159916b8872a1

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  81a2ccab7182a85da858ba37093af6b46a376706a4feff089c171128aaf747eb
- Size
  
  333KB
- MD5
  
  159c7b103c04e054c8c3c08f5bd663df
- SHA1
  
  9bca4411aae658e96b4c761ca776d367566f25af
- SHA256
  
  81a2ccab7182a85da858ba37093af6b46a376706a4feff089c171128aaf747eb
- SHA512
  
  e6c08333ce4b0f45934e25a45f585a903e4c7365de8dae62dc4b3247220a867d08b3ec316743e6102584ed0d2d67e81d0e6c3d66ab2cc17b5c3159916b8872a1
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan