General

  • Target

    2ee60bdfb5fe9d30053e9ec7bcc9ced98d590b15329ce2f3a19cccb7bfce0d46

  • Size

    190KB

  • Sample

    220127-wjkm9sgfep

  • MD5

    9ac53b736b76d01bcf61cd80adb19369

  • SHA1

    bef7f70f6a5e6ef669e396c40ec3294c8e0b88ab

  • SHA256

    2ee60bdfb5fe9d30053e9ec7bcc9ced98d590b15329ce2f3a19cccb7bfce0d46

  • SHA512

    202e7e6e5e50a774279fa5748da4b97eafa5ad4b6f99a1a006ccca3a214e97d075058f9da637434fb2edd33dabeaa443558e22f0e75352df900406c25cc5bd97

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32
rc4.i32

Targets

    • Target

      2ee60bdfb5fe9d30053e9ec7bcc9ced98d590b15329ce2f3a19cccb7bfce0d46

    • Size

      190KB

    • MD5

      9ac53b736b76d01bcf61cd80adb19369

    • SHA1

      bef7f70f6a5e6ef669e396c40ec3294c8e0b88ab

    • SHA256

      2ee60bdfb5fe9d30053e9ec7bcc9ced98d590b15329ce2f3a19cccb7bfce0d46

    • SHA512

      202e7e6e5e50a774279fa5748da4b97eafa5ad4b6f99a1a006ccca3a214e97d075058f9da637434fb2edd33dabeaa443558e22f0e75352df900406c25cc5bd97

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Executes dropped EXE

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry (1): T1012

  • Peripheral Device Discovery (1): T1120

  • System Information Discovery (1): T1082

Tasks