smokeloader | bc35aa01e2f05416bfc38a104cce61fbd45d452ef06e41be65e67165e973614c | Triage

Resubmissions

27-01-2022 15:48

220127-s85g7afbfj 10

27-01-2022 15:47

220127-s8h9ysfbep 5

Sharing

General

Target

6381467847000064.zip
Size

178KB
Sample

220127-s85g7afbfj
MD5

afb63214822e7b85eac2e08fcf97d416
SHA1

727411ddd93764629c07890a146b9adffe58b295
SHA256

bc35aa01e2f05416bfc38a104cce61fbd45d452ef06e41be65e67165e973614c
SHA512

50d12880adc91e60d540f67d79e7f59dd49c6f82a46f66f66cc1b4daf756b69b59d90325889cce2869eaee6a8427ed80fe6395fadf588ad095c7b152c127f6f4

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  001ed2083408002a0bc62382caab167977daad2753cd89cb63886bc786a03e09
- Size
  
  312KB
- MD5
  
  6ae0d6efc218e9c89545872d79264bad
- SHA1
  
  26cc0c343d8f46bb4f526952cfd954d89fc41021
- SHA256
  
  001ed2083408002a0bc62382caab167977daad2753cd89cb63886bc786a03e09
- SHA512
  
  e6a9b8bafa000ef3b8f58b6684a4381de03f066206835bee0857c575800d39794e6af0b77c945eba17d1c3096c05f836d69f6357bd8664728408f21f6af125da
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan