smokeloader | 88ac4e8fde43cf5c198c3ba80a8c836c256e754d49476c99edb480ece1f5e82f | Triage

Sharing

General

Target

88ac4e8fde43cf5c198c3ba80a8c836c256e754d49476c99edb480ece1f5e82f
Size

190KB
Sample

220127-1pqtpabbcr
MD5

ed6aa7c965071baeb9df7d84ba6e10f0
SHA1

5b24b29d033d61f60fb8534d5cb9661022b0a804
SHA256

88ac4e8fde43cf5c198c3ba80a8c836c256e754d49476c99edb480ece1f5e82f
SHA512

3c55813abbc24b0aa216d9388251872f2af78569cd98321cd43f244249f80a72b26b504ce8ac07276b17ad535ef3123c60a1c05c7799d276ba0e680581af67bc

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  88ac4e8fde43cf5c198c3ba80a8c836c256e754d49476c99edb480ece1f5e82f
- Size
  
  190KB
- MD5
  
  ed6aa7c965071baeb9df7d84ba6e10f0
- SHA1
  
  5b24b29d033d61f60fb8534d5cb9661022b0a804
- SHA256
  
  88ac4e8fde43cf5c198c3ba80a8c836c256e754d49476c99edb480ece1f5e82f
- SHA512
  
  3c55813abbc24b0aa216d9388251872f2af78569cd98321cd43f244249f80a72b26b504ce8ac07276b17ad535ef3123c60a1c05c7799d276ba0e680581af67bc
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan