smokeloader | 278e6e1022b1942b85f205648a7030a7ab1433f9ac474358d69fc4965ca0f20a | Triage

Sharing

General

Target

278e6e1022b1942b85f205648a7030a7ab1433f9ac474358d69fc4965ca0f20a
Size

241KB
Sample

220127-bhq4fadeg5
MD5

6bdd6c6b9538fdf8f7defd95bd74595b
SHA1

d075d5b39022bbcfa3640ba0aa13f034a39e98fe
SHA256

278e6e1022b1942b85f205648a7030a7ab1433f9ac474358d69fc4965ca0f20a
SHA512

cb24f53528e782bf82557683ba5ecc3aed659f304a380b8efe0342f7d77ba0be9a5c65cd56035082a786f4155e1bf3a7e7ed84dfb3b8efe50291478addd25526

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  278e6e1022b1942b85f205648a7030a7ab1433f9ac474358d69fc4965ca0f20a
- Size
  
  241KB
- MD5
  
  6bdd6c6b9538fdf8f7defd95bd74595b
- SHA1
  
  d075d5b39022bbcfa3640ba0aa13f034a39e98fe
- SHA256
  
  278e6e1022b1942b85f205648a7030a7ab1433f9ac474358d69fc4965ca0f20a
- SHA512
  
  cb24f53528e782bf82557683ba5ecc3aed659f304a380b8efe0342f7d77ba0be9a5c65cd56035082a786f4155e1bf3a7e7ed84dfb3b8efe50291478addd25526
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan