smokeloader | da4e25ba54eae8fa75f9babd1e8c98478334890eeabe30f5367d88ab68d64da8 | Triage

Sharing

General

Target

da4e25ba54eae8fa75f9babd1e8c98478334890eeabe30f5367d88ab68d64da8
Size

189KB
Sample

220127-l1z46sbad8
MD5

398c1a197985daf7cb32f86a16deaa23
SHA1

5b8dd4313f7a4b1a4847b8a36b74acf127defc74
SHA256

da4e25ba54eae8fa75f9babd1e8c98478334890eeabe30f5367d88ab68d64da8
SHA512

18117b27a86e3b1e44ff1769f698d77da7f664e2a9dd2434235b889cbd81d5a18b38f1ec0c87b8e740b79a35406847ba41b1f8789d90475a6fa2ddf937070d08

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  da4e25ba54eae8fa75f9babd1e8c98478334890eeabe30f5367d88ab68d64da8
- Size
  
  189KB
- MD5
  
  398c1a197985daf7cb32f86a16deaa23
- SHA1
  
  5b8dd4313f7a4b1a4847b8a36b74acf127defc74
- SHA256
  
  da4e25ba54eae8fa75f9babd1e8c98478334890eeabe30f5367d88ab68d64da8
- SHA512
  
  18117b27a86e3b1e44ff1769f698d77da7f664e2a9dd2434235b889cbd81d5a18b38f1ec0c87b8e740b79a35406847ba41b1f8789d90475a6fa2ddf937070d08
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan