smokeloader | e2185c73f6239d8d5fc51911ef81f28394634e963620b3132fe402e0120f5753 | Triage

Sharing

General

Target

e2185c73f6239d8d5fc51911ef81f28394634e963620b3132fe402e0120f5753
Size

334KB
Sample

220126-yqlv1saba8
MD5

adf5600538e00d4f055042baa795edf6
SHA1

c53bcca9372d49ec2e463b0cb529abd89c5ef49b
SHA256

e2185c73f6239d8d5fc51911ef81f28394634e963620b3132fe402e0120f5753
SHA512

ae291b31633d1b9de6ffb33ce5cb2ab68110699efdca1dbdc538fdbdf20c422e126af32d2be9d7df007c1f750dcd4d94d8f6bf1b871d407055ae22a8a9ced8b0

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  e2185c73f6239d8d5fc51911ef81f28394634e963620b3132fe402e0120f5753
- Size
  
  334KB
- MD5
  
  adf5600538e00d4f055042baa795edf6
- SHA1
  
  c53bcca9372d49ec2e463b0cb529abd89c5ef49b
- SHA256
  
  e2185c73f6239d8d5fc51911ef81f28394634e963620b3132fe402e0120f5753
- SHA512
  
  ae291b31633d1b9de6ffb33ce5cb2ab68110699efdca1dbdc538fdbdf20c422e126af32d2be9d7df007c1f750dcd4d94d8f6bf1b871d407055ae22a8a9ced8b0
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan