Overview

overview

10

Static

static

001ed20834...09.exe

windows7_x64

10

001ed20834...09.exe

windows10_x64

10

Resubmissions

27-01-2022 15:48

220127-s85g7afbfj 10

27-01-2022 15:47

220127-s8h9ysfbep 5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6381467847000064.zip

  • Size

    178KB

  • Sample

    220127-s85g7afbfj

  • MD5

    afb63214822e7b85eac2e08fcf97d416

  • SHA1

    727411ddd93764629c07890a146b9adffe58b295

  • SHA256

    bc35aa01e2f05416bfc38a104cce61fbd45d452ef06e41be65e67165e973614c

  • SHA512

    50d12880adc91e60d540f67d79e7f59dd49c6f82a46f66f66cc1b4daf756b69b59d90325889cce2869eaee6a8427ed80fe6395fadf588ad095c7b152c127f6f4

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/
rc4.i32
rc4.i32

Targets

    • Target

      001ed2083408002a0bc62382caab167977daad2753cd89cb63886bc786a03e09

    • Size

      312KB

    • MD5

      6ae0d6efc218e9c89545872d79264bad

    • SHA1

      26cc0c343d8f46bb4f526952cfd954d89fc41021

    • SHA256

      001ed2083408002a0bc62382caab167977daad2753cd89cb63886bc786a03e09

    • SHA512

      e6a9b8bafa000ef3b8f58b6684a4381de03f066206835bee0857c575800d39794e6af0b77c945eba17d1c3096c05f836d69f6357bd8664728408f21f6af125da

    Score
    10/10
    smokeloaderbackdoortrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Executes dropped EXE

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks