smokeloader | ecbcdb0c66051f5c421f8f2b1d66130b4b5d2d2c6e7b927e0ef6e2f20ce2c1eb | Triage

Sharing

General

Target

ecbcdb0c66051f5c421f8f2b1d66130b4b5d2d2c6e7b927e0ef6e2f20ce2c1eb
Size

190KB
Sample

220127-zvj3nabad6
MD5

1acbff9c58cf59805ad4b72ae2fe392f
SHA1

187281ef004cc6aeb3353e9d208ab0deb6837585
SHA256

ecbcdb0c66051f5c421f8f2b1d66130b4b5d2d2c6e7b927e0ef6e2f20ce2c1eb
SHA512

6cb2601d2b74d5da89b321c133a5888e9d90e6545c72b3f088e070c509d94de3f5b665522fce7accb03d38d71f8ce21494bd1812922f391b15dd7ba8a2eb94b1

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  ecbcdb0c66051f5c421f8f2b1d66130b4b5d2d2c6e7b927e0ef6e2f20ce2c1eb
- Size
  
  190KB
- MD5
  
  1acbff9c58cf59805ad4b72ae2fe392f
- SHA1
  
  187281ef004cc6aeb3353e9d208ab0deb6837585
- SHA256
  
  ecbcdb0c66051f5c421f8f2b1d66130b4b5d2d2c6e7b927e0ef6e2f20ce2c1eb
- SHA512
  
  6cb2601d2b74d5da89b321c133a5888e9d90e6545c72b3f088e070c509d94de3f5b665522fce7accb03d38d71f8ce21494bd1812922f391b15dd7ba8a2eb94b1
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan