smokeloader | fc02f9b05421bcfab557b17e03d0aa4a21919077082054d162a62a0a702be6d3 | Triage

Sharing

General

Target

fc02f9b05421bcfab557b17e03d0aa4a21919077082054d162a62a0a702be6d3
Size

357KB
Sample

220128-afdvnaddd7
MD5

9aff07880d11a217d0f8bf8df8aaec72
SHA1

61b5f65fcad845f58e1c6601840f99c0b8266404
SHA256

fc02f9b05421bcfab557b17e03d0aa4a21919077082054d162a62a0a702be6d3
SHA512

923eea0b524f7a3c1c029b2b4a242d724668e4c2692810566bc1524c614e5601b8e7b02e9563e33f5719f0c8d49973c3c2a3ef33ba7432a6bf47c9751628213e

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  fc02f9b05421bcfab557b17e03d0aa4a21919077082054d162a62a0a702be6d3
- Size
  
  357KB
- MD5
  
  9aff07880d11a217d0f8bf8df8aaec72
- SHA1
  
  61b5f65fcad845f58e1c6601840f99c0b8266404
- SHA256
  
  fc02f9b05421bcfab557b17e03d0aa4a21919077082054d162a62a0a702be6d3
- SHA512
  
  923eea0b524f7a3c1c029b2b4a242d724668e4c2692810566bc1524c614e5601b8e7b02e9563e33f5719f0c8d49973c3c2a3ef33ba7432a6bf47c9751628213e
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan