smokeloader | 87c90405072a62a05a32c3923cc72150076695945faeaa5796453488fc9a2e21 | Triage

Sharing

General

Target

87c90405072a62a05a32c3923cc72150076695945faeaa5796453488fc9a2e21
Size

356KB
Sample

220128-fj44xagcb9
MD5

8f81fd81f5d130d6a69e6643b9d42e46
SHA1

65d7516e3793a0cbf27667dd8d9b4ff8926f52d7
SHA256

87c90405072a62a05a32c3923cc72150076695945faeaa5796453488fc9a2e21
SHA512

f8d095c309fb447be377315720214a9d72709df2f6c48ea0904cb59219fc18033051df86840f6efae627fd9b930ce0aa0fd574be72bf4bc5e7c37aeb1f9bf72f

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  87c90405072a62a05a32c3923cc72150076695945faeaa5796453488fc9a2e21
- Size
  
  356KB
- MD5
  
  8f81fd81f5d130d6a69e6643b9d42e46
- SHA1
  
  65d7516e3793a0cbf27667dd8d9b4ff8926f52d7
- SHA256
  
  87c90405072a62a05a32c3923cc72150076695945faeaa5796453488fc9a2e21
- SHA512
  
  f8d095c309fb447be377315720214a9d72709df2f6c48ea0904cb59219fc18033051df86840f6efae627fd9b930ce0aa0fd574be72bf4bc5e7c37aeb1f9bf72f
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan