smokeloader | 84cc99687002d6147db7c8e3ba8cf543c47662933b62a061877e4168e46387c3 | Triage

Sharing

General

Target

84cc99687002d6147db7c8e3ba8cf543c47662933b62a061877e4168e46387c3
Size

190KB
Sample

220127-2fc2xabgbj
MD5

e069dfa3352b70002ed17b345f780c3e
SHA1

1835aec8514ec6598c9077c6d0b8474d84d3960b
SHA256

84cc99687002d6147db7c8e3ba8cf543c47662933b62a061877e4168e46387c3
SHA512

5efe130ff6c40e4c53beccde7a09de44c0eb76eef03da096bdf2c13707631686aaa2005993db89d0fe4beb7b6248c223f32c93d64625c217ea26543433e0915b

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  84cc99687002d6147db7c8e3ba8cf543c47662933b62a061877e4168e46387c3
- Size
  
  190KB
- MD5
  
  e069dfa3352b70002ed17b345f780c3e
- SHA1
  
  1835aec8514ec6598c9077c6d0b8474d84d3960b
- SHA256
  
  84cc99687002d6147db7c8e3ba8cf543c47662933b62a061877e4168e46387c3
- SHA512
  
  5efe130ff6c40e4c53beccde7a09de44c0eb76eef03da096bdf2c13707631686aaa2005993db89d0fe4beb7b6248c223f32c93d64625c217ea26543433e0915b
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan