smokeloader | ca6bb32ad6e91b3132ff75a85bc74aad1179297bf204e3670004a0f984bc0b15 | Triage

Sharing

General

Target

ca6bb32ad6e91b3132ff75a85bc74aad1179297bf204e3670004a0f984bc0b15
Size

356KB
Sample

220128-lr8pysafgn
MD5

fb50f4f94abd48dea11d5175150e1a64
SHA1

840a7f3aa9d41f7b33b87052578b90ea5be549f9
SHA256

ca6bb32ad6e91b3132ff75a85bc74aad1179297bf204e3670004a0f984bc0b15
SHA512

f988090b3ae962aab0231e7478bbac401966920293176c6c70d346d30b3472b575bf781a261a24e18030f4b8e7e94c6ef7ca7887cf8b0fc3c01ea5171b8fa7ee

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  ca6bb32ad6e91b3132ff75a85bc74aad1179297bf204e3670004a0f984bc0b15
- Size
  
  356KB
- MD5
  
  fb50f4f94abd48dea11d5175150e1a64
- SHA1
  
  840a7f3aa9d41f7b33b87052578b90ea5be549f9
- SHA256
  
  ca6bb32ad6e91b3132ff75a85bc74aad1179297bf204e3670004a0f984bc0b15
- SHA512
  
  f988090b3ae962aab0231e7478bbac401966920293176c6c70d346d30b3472b575bf781a261a24e18030f4b8e7e94c6ef7ca7887cf8b0fc3c01ea5171b8fa7ee
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan