smokeloader | d008cf095744c3df438fb5b1984b313a24c5ce16283c1480f5050e76ec0e84d3 | Triage

Sharing

General

Target

d008cf095744c3df438fb5b1984b313a24c5ce16283c1480f5050e76ec0e84d3
Size

356KB
Sample

220128-j7vf6ahgbm
MD5

53f48d3a5bbb1335b48100830b699998
SHA1

95913065124826b1c32c76feb21c3c3d2ca60829
SHA256

d008cf095744c3df438fb5b1984b313a24c5ce16283c1480f5050e76ec0e84d3
SHA512

f67784d3f4d2dba18b4019209e5e599806cfdeabe76b1288501fdce835bc78b707d447c548228b709b48ee0e1458f43487fc7c661cdb97d78fdf69dc36b6ab77

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  d008cf095744c3df438fb5b1984b313a24c5ce16283c1480f5050e76ec0e84d3
- Size
  
  356KB
- MD5
  
  53f48d3a5bbb1335b48100830b699998
- SHA1
  
  95913065124826b1c32c76feb21c3c3d2ca60829
- SHA256
  
  d008cf095744c3df438fb5b1984b313a24c5ce16283c1480f5050e76ec0e84d3
- SHA512
  
  f67784d3f4d2dba18b4019209e5e599806cfdeabe76b1288501fdce835bc78b707d447c548228b709b48ee0e1458f43487fc7c661cdb97d78fdf69dc36b6ab77
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan