smokeloader | 8366589cf500c413059d816563905de4e7cbefdd126b66bb75f2916eca14c292 | Triage

Sharing

General

Target

8366589cf500c413059d816563905de4e7cbefdd126b66bb75f2916eca14c292
Size

356KB
Sample

220128-h2ps2sghfr
MD5

b918c19a5fea69952bb273b9c0a13530
SHA1

116c6e4bfe5f9d735fde554a6515b3fcd3c9a173
SHA256

8366589cf500c413059d816563905de4e7cbefdd126b66bb75f2916eca14c292
SHA512

eba56a6712d4d9449ae2ca3f0577af3b907f528c82be57fc58fde0e98eb9988d94d3c55cc20e526826821fec57088b9955fe3c7c67ef5c4787cf9d4485ed92f2

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  8366589cf500c413059d816563905de4e7cbefdd126b66bb75f2916eca14c292
- Size
  
  356KB
- MD5
  
  b918c19a5fea69952bb273b9c0a13530
- SHA1
  
  116c6e4bfe5f9d735fde554a6515b3fcd3c9a173
- SHA256
  
  8366589cf500c413059d816563905de4e7cbefdd126b66bb75f2916eca14c292
- SHA512
  
  eba56a6712d4d9449ae2ca3f0577af3b907f528c82be57fc58fde0e98eb9988d94d3c55cc20e526826821fec57088b9955fe3c7c67ef5c4787cf9d4485ed92f2
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan