smokeloader | cb98febd63faed6d96127e7487e10fb029690f3f51613163c8cec6bbd2bc6d74 | Triage

Sharing

General

Target

cb98febd63faed6d96127e7487e10fb029690f3f51613163c8cec6bbd2bc6d74
Size

241KB
Sample

220127-fpb1bagack
MD5

7d981c9888c8414e7ae5da6fd7c7d23d
SHA1

da8ed3634179c61b596d4f1a22ad8429fbd4d7f1
SHA256

cb98febd63faed6d96127e7487e10fb029690f3f51613163c8cec6bbd2bc6d74
SHA512

ed50b62911ff0f4f32b3b1a8d154ad5fedcf01fc12f79543a9694ccbf631fdc43c100b18a790be20d809d644ae64647569169845e76151c08872cad06670b0cf

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  cb98febd63faed6d96127e7487e10fb029690f3f51613163c8cec6bbd2bc6d74
- Size
  
  241KB
- MD5
  
  7d981c9888c8414e7ae5da6fd7c7d23d
- SHA1
  
  da8ed3634179c61b596d4f1a22ad8429fbd4d7f1
- SHA256
  
  cb98febd63faed6d96127e7487e10fb029690f3f51613163c8cec6bbd2bc6d74
- SHA512
  
  ed50b62911ff0f4f32b3b1a8d154ad5fedcf01fc12f79543a9694ccbf631fdc43c100b18a790be20d809d644ae64647569169845e76151c08872cad06670b0cf
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan