smokeloader | 3af52c8b82da1b19bb393bea564e25e82dacaca7644242f8ec444ed0ab418159 | Triage

Sharing

General

Target

3af52c8b82da1b19bb393bea564e25e82dacaca7644242f8ec444ed0ab418159
Size

241KB
Sample

220127-hbaw7shbe5
MD5

b341d1a711a365f62f7e89f23871d53c
SHA1

4294e840238eef1c74be58659ab28974f2d17038
SHA256

3af52c8b82da1b19bb393bea564e25e82dacaca7644242f8ec444ed0ab418159
SHA512

90da0e59befd5fbc2a78478bd883851a3c29d6cc7daf6c70e62f979d18238ef7296e71be7966eaef5cfdaa163b046ec4dc931d8b7bcb3bd09dcad5dc2fa5ebfd

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  3af52c8b82da1b19bb393bea564e25e82dacaca7644242f8ec444ed0ab418159
- Size
  
  241KB
- MD5
  
  b341d1a711a365f62f7e89f23871d53c
- SHA1
  
  4294e840238eef1c74be58659ab28974f2d17038
- SHA256
  
  3af52c8b82da1b19bb393bea564e25e82dacaca7644242f8ec444ed0ab418159
- SHA512
  
  90da0e59befd5fbc2a78478bd883851a3c29d6cc7daf6c70e62f979d18238ef7296e71be7966eaef5cfdaa163b046ec4dc931d8b7bcb3bd09dcad5dc2fa5ebfd
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan