smokeloader | ef1c89a25c0414f41694bd95318370df3fe7e0428c1725a2b1c719eaec759170 | Triage

Sharing

General

Target

ef1c89a25c0414f41694bd95318370df3fe7e0428c1725a2b1c719eaec759170
Size

352KB
Sample

220128-3xn16sgfcp
MD5

4b4a446e64e4da009403d32278941ed0
SHA1

c161d17a341fc95cd8cbe3eb7abe3e654239a27d
SHA256

ef1c89a25c0414f41694bd95318370df3fe7e0428c1725a2b1c719eaec759170
SHA512

cb73611376606edbf26ccc2643c9785edbe1fd01211880f439f3f1eae002f7d5ca084e70e3fc7b415ea9dd0c5ff53da333c8d5e820ef4db156de1403e31cbe06

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  ef1c89a25c0414f41694bd95318370df3fe7e0428c1725a2b1c719eaec759170
- Size
  
  352KB
- MD5
  
  4b4a446e64e4da009403d32278941ed0
- SHA1
  
  c161d17a341fc95cd8cbe3eb7abe3e654239a27d
- SHA256
  
  ef1c89a25c0414f41694bd95318370df3fe7e0428c1725a2b1c719eaec759170
- SHA512
  
  cb73611376606edbf26ccc2643c9785edbe1fd01211880f439f3f1eae002f7d5ca084e70e3fc7b415ea9dd0c5ff53da333c8d5e820ef4db156de1403e31cbe06
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan