smokeloader | 209e3e1de0c35f0c62e45bd04213597d7da3e28618b53ca7077b13f6731ccb53 | Triage

Sharing

General

Target

209e3e1de0c35f0c62e45bd04213597d7da3e28618b53ca7077b13f6731ccb53
Size

241KB
Sample

220127-hjaw6shcf2
MD5

ca8028962891d802eb9a0800ef4542e1
SHA1

2ef8a4bb0c45ae49d4e1718bf3335df79dde4fc1
SHA256

209e3e1de0c35f0c62e45bd04213597d7da3e28618b53ca7077b13f6731ccb53
SHA512

a538acf7e1ecf0588587564cb83e2ada8232f3ec8b038efe2bb9e7f51659dfeb05a448aa7740e60e06341eaafd89c9eda59d1ff736d2f8fb85cd9144ddfc7ad6

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  209e3e1de0c35f0c62e45bd04213597d7da3e28618b53ca7077b13f6731ccb53
- Size
  
  241KB
- MD5
  
  ca8028962891d802eb9a0800ef4542e1
- SHA1
  
  2ef8a4bb0c45ae49d4e1718bf3335df79dde4fc1
- SHA256
  
  209e3e1de0c35f0c62e45bd04213597d7da3e28618b53ca7077b13f6731ccb53
- SHA512
  
  a538acf7e1ecf0588587564cb83e2ada8232f3ec8b038efe2bb9e7f51659dfeb05a448aa7740e60e06341eaafd89c9eda59d1ff736d2f8fb85cd9144ddfc7ad6
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan