smokeloader | c1de864c681ef619954b3d328b040eb87b6ee435b05aa4ca920adb90cef92bad | Triage

Sharing

General

Target

c1de864c681ef619954b3d328b040eb87b6ee435b05aa4ca920adb90cef92bad
Size

352KB
Sample

220128-31yd1sggap
MD5

11956da948be5ff0db1aa9e3832a453b
SHA1

1e53e5b2e5efd33ca6f10125808c383cb71d6382
SHA256

c1de864c681ef619954b3d328b040eb87b6ee435b05aa4ca920adb90cef92bad
SHA512

27b682b2aee8acd988cb39af7cee1063e675137952d2ef84e6840a180fb9239edabc7b45a6dfee915b9c64a4dd0957869e444fe676814feb5b83cd9572d13dc8

Score

10^/10

smokeloader backdoor persistence trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  c1de864c681ef619954b3d328b040eb87b6ee435b05aa4ca920adb90cef92bad
- Size
  
  352KB
- MD5
  
  11956da948be5ff0db1aa9e3832a453b
- SHA1
  
  1e53e5b2e5efd33ca6f10125808c383cb71d6382
- SHA256
  
  c1de864c681ef619954b3d328b040eb87b6ee435b05aa4ca920adb90cef92bad
- SHA512
  
  27b682b2aee8acd988cb39af7cee1063e675137952d2ef84e6840a180fb9239edabc7b45a6dfee915b9c64a4dd0957869e444fe676814feb5b83cd9572d13dc8
Score

10^/10

smokeloader backdoor persistence trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Sets service image path in registry
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoorpersistencetrojan