smokeloader | ea73a6811887921ca2dbbd107e41be2a7249bf2ea73700fa87b051a367c36c3f | Triage

Sharing

General

Target

ea73a6811887921ca2dbbd107e41be2a7249bf2ea73700fa87b051a367c36c3f
Size

191KB
Sample

220127-paw7dacff4
MD5

4c8435b480189d501c2e76fda59f69f9
SHA1

e10ba38cb071c14ea3a822e715add46f6016012f
SHA256

ea73a6811887921ca2dbbd107e41be2a7249bf2ea73700fa87b051a367c36c3f
SHA512

63e36d20879b921c65c35daf2ac796d92b8137c5b7fb5608c2f371d105359507785dde2b3f696580551088c30fb2e16e935ffe5755284d3cbb01abac1bf328a1

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  ea73a6811887921ca2dbbd107e41be2a7249bf2ea73700fa87b051a367c36c3f
- Size
  
  191KB
- MD5
  
  4c8435b480189d501c2e76fda59f69f9
- SHA1
  
  e10ba38cb071c14ea3a822e715add46f6016012f
- SHA256
  
  ea73a6811887921ca2dbbd107e41be2a7249bf2ea73700fa87b051a367c36c3f
- SHA512
  
  63e36d20879b921c65c35daf2ac796d92b8137c5b7fb5608c2f371d105359507785dde2b3f696580551088c30fb2e16e935ffe5755284d3cbb01abac1bf328a1
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan