smokeloader | 239613cec88f5f95c9e9f4ec5361c95f9b1f3d8f0a75dab35b72c130b8a15757 | Triage

Sharing

General

Target

239613cec88f5f95c9e9f4ec5361c95f9b1f3d8f0a75dab35b72c130b8a15757
Size

352KB
Sample

220128-24zktafghp
MD5

505203269796430a2783151a7d1c3f8b
SHA1

309f6e146d1cf71c55c1a9611197ac4f7623bd60
SHA256

239613cec88f5f95c9e9f4ec5361c95f9b1f3d8f0a75dab35b72c130b8a15757
SHA512

9ef1711be85ce6f9d7415f872735ddfb78430778a9c3d6f4d8f91a62746475df2cefb18e079ad3c453991e3e97fa45bd71a44d539f757e3288322a020ec70083

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  239613cec88f5f95c9e9f4ec5361c95f9b1f3d8f0a75dab35b72c130b8a15757
- Size
  
  352KB
- MD5
  
  505203269796430a2783151a7d1c3f8b
- SHA1
  
  309f6e146d1cf71c55c1a9611197ac4f7623bd60
- SHA256
  
  239613cec88f5f95c9e9f4ec5361c95f9b1f3d8f0a75dab35b72c130b8a15757
- SHA512
  
  9ef1711be85ce6f9d7415f872735ddfb78430778a9c3d6f4d8f91a62746475df2cefb18e079ad3c453991e3e97fa45bd71a44d539f757e3288322a020ec70083
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan