smokeloader | e2c230cd0a480df345cf129af0f3fdd985f7a1bbe50bc90b53926e67aebfa15e | Triage

Sharing

General

Target

e2c230cd0a480df345cf129af0f3fdd985f7a1bbe50bc90b53926e67aebfa15e
Size

191KB
Sample

220127-r27hjaedbj
MD5

d5e355b2f8756fb50215046d9cc8865c
SHA1

edb5b9c917262e62c46ab47570263a87d0fa3ab8
SHA256

e2c230cd0a480df345cf129af0f3fdd985f7a1bbe50bc90b53926e67aebfa15e
SHA512

c2a3d7889fdd9becc57a294b6904edbbda8d75ca93bd3265b32a893e14e9097dfa12dbcceecf92fc3c4e26408726b9433da10aad43fec740297c429bbd577e5b

Score

10^/10

smokeloader backdoor persistence trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  e2c230cd0a480df345cf129af0f3fdd985f7a1bbe50bc90b53926e67aebfa15e
- Size
  
  191KB
- MD5
  
  d5e355b2f8756fb50215046d9cc8865c
- SHA1
  
  edb5b9c917262e62c46ab47570263a87d0fa3ab8
- SHA256
  
  e2c230cd0a480df345cf129af0f3fdd985f7a1bbe50bc90b53926e67aebfa15e
- SHA512
  
  c2a3d7889fdd9becc57a294b6904edbbda8d75ca93bd3265b32a893e14e9097dfa12dbcceecf92fc3c4e26408726b9433da10aad43fec740297c429bbd577e5b
Score

10^/10

smokeloader backdoor persistence trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Sets service image path in registry
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoorpersistencetrojan