smokeloader | 36d5257db370921850cf447f4cbda680121d96604b12a0958434c31d71fa9964 | Triage

Sharing

General

Target

36d5257db370921850cf447f4cbda680121d96604b12a0958434c31d71fa9964
Size

241KB
Sample

220127-j719pshhaj
MD5

63e53cb9c5fce8cb51c409a8d2e7def4
SHA1

69aa4c4da55e3d33b60e6198250c47480b9548c9
SHA256

36d5257db370921850cf447f4cbda680121d96604b12a0958434c31d71fa9964
SHA512

c4d0f1a0d9ac9c7e8e711b6426d706fdd8ea359ac4ac60af99a158ab2a75bfcc2d74e5611766d25a0d083cdba490497b250c6c3c2d0d38811572c0abead8a203

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  36d5257db370921850cf447f4cbda680121d96604b12a0958434c31d71fa9964
- Size
  
  241KB
- MD5
  
  63e53cb9c5fce8cb51c409a8d2e7def4
- SHA1
  
  69aa4c4da55e3d33b60e6198250c47480b9548c9
- SHA256
  
  36d5257db370921850cf447f4cbda680121d96604b12a0958434c31d71fa9964
- SHA512
  
  c4d0f1a0d9ac9c7e8e711b6426d706fdd8ea359ac4ac60af99a158ab2a75bfcc2d74e5611766d25a0d083cdba490497b250c6c3c2d0d38811572c0abead8a203
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan