General

  • Target

    30992bd7993a1f698c11d69c5c3e7cf440268cb32e51318e29142f12bd550981

  • Size

    190KB

  • Sample

    220127-weld1ahcc9

  • MD5

    fc984dab945855a82bd58a4f2b8e6d94

  • SHA1

    b06fd09f7a32c7cd8baf7e291a01d384eafd7542

  • SHA256

    30992bd7993a1f698c11d69c5c3e7cf440268cb32e51318e29142f12bd550981

  • SHA512

    f237e8de58c341648b8da2ff9483fa893d39592d079f8b702a3c42bfbf06676b3b93e9d0cf65f1b990910c6386a76e2bd22a56306fd473e3c082a9781f9634c3

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32
rc4.i32

Targets

    • Target

      30992bd7993a1f698c11d69c5c3e7cf440268cb32e51318e29142f12bd550981

    • Size

      190KB

    • MD5

      fc984dab945855a82bd58a4f2b8e6d94

    • SHA1

      b06fd09f7a32c7cd8baf7e291a01d384eafd7542

    • SHA256

      30992bd7993a1f698c11d69c5c3e7cf440268cb32e51318e29142f12bd550981

    • SHA512

      f237e8de58c341648b8da2ff9483fa893d39592d079f8b702a3c42bfbf06676b3b93e9d0cf65f1b990910c6386a76e2bd22a56306fd473e3c082a9781f9634c3

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Tasks