Overview

overview

10

Static

static

e316fc6ece...14.exe

windows7_x64

10

e316fc6ece...14.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e316fc6eceb6ff152c049e7128e55314.exe

  • Size

    333KB

  • Sample

    220127-jmj5pahgb8

  • MD5

    e316fc6eceb6ff152c049e7128e55314

  • SHA1

    c1752ee2d55cdb6753f306f3655a2558950f16c5

  • SHA256

    24ad280cb556a710380a0c91468614d0c09824feace617825461330e96267aaa

  • SHA512

    a44f4c70c9d649cacd8cb8838e8859e4d65f465be9fa64ea879c0f2b50e23a87fd7e8c906a7a69eeaaa6caf707885bac24334e8182ec07e84484f7b2d40baa0c

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/
rc4.i32
rc4.i32

Targets

    • Target

      e316fc6eceb6ff152c049e7128e55314.exe

    • Size

      333KB

    • MD5

      e316fc6eceb6ff152c049e7128e55314

    • SHA1

      c1752ee2d55cdb6753f306f3655a2558950f16c5

    • SHA256

      24ad280cb556a710380a0c91468614d0c09824feace617825461330e96267aaa

    • SHA512

      a44f4c70c9d649cacd8cb8838e8859e4d65f465be9fa64ea879c0f2b50e23a87fd7e8c906a7a69eeaaa6caf707885bac24334e8182ec07e84484f7b2d40baa0c

    Score
    10/10
    smokeloaderbackdoortrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks