smokeloader | afcb800f92f2e61d02b158a785e585d269eb9d30edf53465f4933105514bc7a5 | Triage

Sharing

General

Target

afcb800f92f2e61d02b158a785e585d269eb9d30edf53465f4933105514bc7a5
Size

356KB
Sample

220128-j9k1hahgbr
MD5

a3aa4f022cd57e305dd53d9860d151de
SHA1

31c57066a99a066d3d0efdb95cf83eb5dcf2aca3
SHA256

afcb800f92f2e61d02b158a785e585d269eb9d30edf53465f4933105514bc7a5
SHA512

70497a2002d367a58431b807eb7921b134ea0812e5f289ee4b853907234a1576db2a878cbd6e70f0c2a2172f7f59aed74a1658dca04dc50ab5b4f98fa885c581

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  afcb800f92f2e61d02b158a785e585d269eb9d30edf53465f4933105514bc7a5
- Size
  
  356KB
- MD5
  
  a3aa4f022cd57e305dd53d9860d151de
- SHA1
  
  31c57066a99a066d3d0efdb95cf83eb5dcf2aca3
- SHA256
  
  afcb800f92f2e61d02b158a785e585d269eb9d30edf53465f4933105514bc7a5
- SHA512
  
  70497a2002d367a58431b807eb7921b134ea0812e5f289ee4b853907234a1576db2a878cbd6e70f0c2a2172f7f59aed74a1658dca04dc50ab5b4f98fa885c581
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan