smokeloader | 64d0a7328d5808964e5c9a906f89af275681e91542839ae2b6ae38bd397bd331 | Triage

Sharing

General

Target

64d0a7328d5808964e5c9a906f89af275681e91542839ae2b6ae38bd397bd331
Size

189KB
Sample

220127-lxp5ssagar
MD5

c45ae284dcf4a15dbdd913c921e59c28
SHA1

237fade97880ab0eaba0bc461871e66b6530a4c7
SHA256

64d0a7328d5808964e5c9a906f89af275681e91542839ae2b6ae38bd397bd331
SHA512

7914106ea0bf76843523bad1570219c2346439f34e0865056243a6b99001712987bc87d519ab8971fd6d951a2ceadab79fb0627c02eebf35241bb3563d3e3d5d

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  64d0a7328d5808964e5c9a906f89af275681e91542839ae2b6ae38bd397bd331
- Size
  
  189KB
- MD5
  
  c45ae284dcf4a15dbdd913c921e59c28
- SHA1
  
  237fade97880ab0eaba0bc461871e66b6530a4c7
- SHA256
  
  64d0a7328d5808964e5c9a906f89af275681e91542839ae2b6ae38bd397bd331
- SHA512
  
  7914106ea0bf76843523bad1570219c2346439f34e0865056243a6b99001712987bc87d519ab8971fd6d951a2ceadab79fb0627c02eebf35241bb3563d3e3d5d
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan