smokeloader | 59a4184c98009e37aa22e9098c38e1a00bb32a9100bed03b578bc3ddb7a95970 | Triage

Sharing

General

Target

59a4184c98009e37aa22e9098c38e1a00bb32a9100bed03b578bc3ddb7a95970
Size

190KB
Sample

220127-tszsfagbf7
MD5

ad870610b535c962eb19bed0dc15421d
SHA1

1d38a71c0a221ab70e1ddcea47ae90aeae88f28d
SHA256

59a4184c98009e37aa22e9098c38e1a00bb32a9100bed03b578bc3ddb7a95970
SHA512

ffa12fb71f5e88073f49bfe9f81a9574d405e5eee006f7f664a18bb46c9fea47dde3feaaab06004cd1f12b104cb3a0c1e761f9f24e149738ebc37e6b43d4eacb

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  59a4184c98009e37aa22e9098c38e1a00bb32a9100bed03b578bc3ddb7a95970
- Size
  
  190KB
- MD5
  
  ad870610b535c962eb19bed0dc15421d
- SHA1
  
  1d38a71c0a221ab70e1ddcea47ae90aeae88f28d
- SHA256
  
  59a4184c98009e37aa22e9098c38e1a00bb32a9100bed03b578bc3ddb7a95970
- SHA512
  
  ffa12fb71f5e88073f49bfe9f81a9574d405e5eee006f7f664a18bb46c9fea47dde3feaaab06004cd1f12b104cb3a0c1e761f9f24e149738ebc37e6b43d4eacb
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan