smokeloader | 50376568d0e0fc54e75bc56ed484beed71a1f00a1ca5baa36b68f67ba7108173 | Triage

Sharing

General

Target

50376568d0e0fc54e75bc56ed484beed71a1f00a1ca5baa36b68f67ba7108173
Size

356KB
Sample

220128-anp8nadee7
MD5

a5190456d1803cd485b5d6b24f45e73e
SHA1

ef19a5ba439ad4d8cbb12db8f1112d5dd4afd979
SHA256

50376568d0e0fc54e75bc56ed484beed71a1f00a1ca5baa36b68f67ba7108173
SHA512

ed72620e12da21703202673512e423c542c6c0c0eafc8f4ceeb66b44b1c9ef4f94191de4378abadc4ac35833d52a6fe4c8ed64db8edf53c05a14c4a3d4418118

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  50376568d0e0fc54e75bc56ed484beed71a1f00a1ca5baa36b68f67ba7108173
- Size
  
  356KB
- MD5
  
  a5190456d1803cd485b5d6b24f45e73e
- SHA1
  
  ef19a5ba439ad4d8cbb12db8f1112d5dd4afd979
- SHA256
  
  50376568d0e0fc54e75bc56ed484beed71a1f00a1ca5baa36b68f67ba7108173
- SHA512
  
  ed72620e12da21703202673512e423c542c6c0c0eafc8f4ceeb66b44b1c9ef4f94191de4378abadc4ac35833d52a6fe4c8ed64db8edf53c05a14c4a3d4418118
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan