smokeloader | 5d69ec75d619a2434db9c20d1bec81df76a2cafe7eef94c319bf735eead3ace7 | Triage

Sharing

General

Target

5d69ec75d619a2434db9c20d1bec81df76a2cafe7eef94c319bf735eead3ace7
Size

190KB
Sample

220127-n4wx2acbcm
MD5

48bdc0a3fe2c5bea207211bb346538b4
SHA1

28ae64e0453a55dd75a4089d7d8aa20ceb6a3267
SHA256

5d69ec75d619a2434db9c20d1bec81df76a2cafe7eef94c319bf735eead3ace7
SHA512

21c6c6e184ffa781e8ced180c779395960ff1bbca4cb084f3e3bcf59690dc6797fbcc5c2b59f155f8223b108c4027bb4d79e5bd450f9188461a49f5e0a116602

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  5d69ec75d619a2434db9c20d1bec81df76a2cafe7eef94c319bf735eead3ace7
- Size
  
  190KB
- MD5
  
  48bdc0a3fe2c5bea207211bb346538b4
- SHA1
  
  28ae64e0453a55dd75a4089d7d8aa20ceb6a3267
- SHA256
  
  5d69ec75d619a2434db9c20d1bec81df76a2cafe7eef94c319bf735eead3ace7
- SHA512
  
  21c6c6e184ffa781e8ced180c779395960ff1bbca4cb084f3e3bcf59690dc6797fbcc5c2b59f155f8223b108c4027bb4d79e5bd450f9188461a49f5e0a116602
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan