smokeloader | 7cf4cef3d46eece2e7e3a0eba33785720d387b2872aaf6c1ed0d679c146c41e0 | Triage

Sharing

General

Target

7cf4cef3d46eece2e7e3a0eba33785720d387b2872aaf6c1ed0d679c146c41e0
Size

240KB
Sample

220127-frdlxsgch5
MD5

1b5bdb87102bf606efc39d7202ee1eaa
SHA1

60b62302aa784d1de2e00acc8a75e2f1a2ddc75d
SHA256

7cf4cef3d46eece2e7e3a0eba33785720d387b2872aaf6c1ed0d679c146c41e0
SHA512

cd978cdda39a5b5592de335357666d82358309f632be4d4e229cd77bb6359c727e70e92951616b9c8d0ba0ac7c082164ac37bafb71d3677ef877a39c785e7012

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  7cf4cef3d46eece2e7e3a0eba33785720d387b2872aaf6c1ed0d679c146c41e0
- Size
  
  240KB
- MD5
  
  1b5bdb87102bf606efc39d7202ee1eaa
- SHA1
  
  60b62302aa784d1de2e00acc8a75e2f1a2ddc75d
- SHA256
  
  7cf4cef3d46eece2e7e3a0eba33785720d387b2872aaf6c1ed0d679c146c41e0
- SHA512
  
  cd978cdda39a5b5592de335357666d82358309f632be4d4e229cd77bb6359c727e70e92951616b9c8d0ba0ac7c082164ac37bafb71d3677ef877a39c785e7012
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan