smokeloader | 9aec9590d7bf877904bebc6e4c8e8ac9968ed51a1e2bea86e9008ce48faaf8a2 | Triage

Sharing

General

Target

9aec9590d7bf877904bebc6e4c8e8ac9968ed51a1e2bea86e9008ce48faaf8a2
Size

356KB
Sample

220128-flzbfagcc8
MD5

84d78927a5bc7c3c510333cf89cb49e3
SHA1

a47a1a90351cb8287e38db9fe65b815718c4d035
SHA256

9aec9590d7bf877904bebc6e4c8e8ac9968ed51a1e2bea86e9008ce48faaf8a2
SHA512

c76b4fa28ba5f122d509cd29f19cfbd35901272afa69a58330495b7aba1454ce25aafa873297c12057115fbc23882b8bb5bcec723760feb18638f760bf138feb

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  9aec9590d7bf877904bebc6e4c8e8ac9968ed51a1e2bea86e9008ce48faaf8a2
- Size
  
  356KB
- MD5
  
  84d78927a5bc7c3c510333cf89cb49e3
- SHA1
  
  a47a1a90351cb8287e38db9fe65b815718c4d035
- SHA256
  
  9aec9590d7bf877904bebc6e4c8e8ac9968ed51a1e2bea86e9008ce48faaf8a2
- SHA512
  
  c76b4fa28ba5f122d509cd29f19cfbd35901272afa69a58330495b7aba1454ce25aafa873297c12057115fbc23882b8bb5bcec723760feb18638f760bf138feb
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan