smokeloader | 3d6425cf292c5a78f2014754d8a3368a934110587077584bc54b54642609b1f0 | Triage

Sharing

General

Target

b87d122c545b8dcdab899620aead7068.exe
Size

189KB
Sample

220127-t1er8sfgep
MD5

b87d122c545b8dcdab899620aead7068
SHA1

b039d8a382e4323d08d444b3190ea936185e9404
SHA256

3d6425cf292c5a78f2014754d8a3368a934110587077584bc54b54642609b1f0
SHA512

08d6cf272536f7a7770b89c9b29d387303584781a5752c542335a8d63ce9cd1fa3ba850e615abd920e349b353edf6b0bc9994dab5e4f9ab05f6dfd9245898435

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  b87d122c545b8dcdab899620aead7068.exe
- Size
  
  189KB
- MD5
  
  b87d122c545b8dcdab899620aead7068
- SHA1
  
  b039d8a382e4323d08d444b3190ea936185e9404
- SHA256
  
  3d6425cf292c5a78f2014754d8a3368a934110587077584bc54b54642609b1f0
- SHA512
  
  08d6cf272536f7a7770b89c9b29d387303584781a5752c542335a8d63ce9cd1fa3ba850e615abd920e349b353edf6b0bc9994dab5e4f9ab05f6dfd9245898435
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan