smokeloader | fd7c66a318652505d0d786f1ab95239ad0f98c87872971b8e842080f6dda9413 | Triage

Sharing

General

Target

fd7c66a318652505d0d786f1ab95239ad0f98c87872971b8e842080f6dda9413
Size

241KB
Sample

220127-dg72nseeek
MD5

bc95ec1ba3f071be23627c206d4f27b0
SHA1

c4ca4784189cd2e98be66b6822111151d3de5de2
SHA256

fd7c66a318652505d0d786f1ab95239ad0f98c87872971b8e842080f6dda9413
SHA512

19873828c684f8217e9b0b77ae41cfcab9924b4102bc8f50999c8c8b8a8e4130525d0a535b40b209423da48719bf91ed42d7909cd1732044bfc62ab5c726d7e9

Score

10^/10

smokeloader backdoor persistence trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  fd7c66a318652505d0d786f1ab95239ad0f98c87872971b8e842080f6dda9413
- Size
  
  241KB
- MD5
  
  bc95ec1ba3f071be23627c206d4f27b0
- SHA1
  
  c4ca4784189cd2e98be66b6822111151d3de5de2
- SHA256
  
  fd7c66a318652505d0d786f1ab95239ad0f98c87872971b8e842080f6dda9413
- SHA512
  
  19873828c684f8217e9b0b77ae41cfcab9924b4102bc8f50999c8c8b8a8e4130525d0a535b40b209423da48719bf91ed42d7909cd1732044bfc62ab5c726d7e9
Score

10^/10

smokeloader backdoor persistence trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Sets service image path in registry
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoorpersistencetrojan