smokeloader | 04b111587678c11c580961c1b996ec0c881af47f3b919b69f5f6e5852775e44e | Triage

Sharing

General

Target

04b111587678c11c580961c1b996ec0c881af47f3b919b69f5f6e5852775e44e
Size

190KB
Sample

220127-26k57scbdp
MD5

b2eb7cc68d576eb297f298c8ae1767a9
SHA1

7e2d24c6b9a93f261965fc33e610da5220d837f4
SHA256

04b111587678c11c580961c1b996ec0c881af47f3b919b69f5f6e5852775e44e
SHA512

0efb89285d6fa1767e4a4e31d5957ea42fb8df0d1255ef7fb3e9da17385476c4abf65a24b243c3ddb8c252a70abcf18f0aaaaab4c21427dd61d2b85575f33fb5

Score

10^/10

smokeloader backdoor persistence trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  04b111587678c11c580961c1b996ec0c881af47f3b919b69f5f6e5852775e44e
- Size
  
  190KB
- MD5
  
  b2eb7cc68d576eb297f298c8ae1767a9
- SHA1
  
  7e2d24c6b9a93f261965fc33e610da5220d837f4
- SHA256
  
  04b111587678c11c580961c1b996ec0c881af47f3b919b69f5f6e5852775e44e
- SHA512
  
  0efb89285d6fa1767e4a4e31d5957ea42fb8df0d1255ef7fb3e9da17385476c4abf65a24b243c3ddb8c252a70abcf18f0aaaaab4c21427dd61d2b85575f33fb5
Score

10^/10

smokeloader backdoor persistence trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Sets service image path in registry
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoorpersistencetrojan