smokeloader | e3b31b540839dffff92b5ee74323e3ca87954f717028d633dcb63fc011da8185 | Triage

Sharing

General

Target

e3b31b540839dffff92b5ee74323e3ca87954f717028d633dcb63fc011da8185
Size

352KB
Sample

220128-n4g4wacacm
MD5

425b2d09dc9b30a2659d0401f4aaba79
SHA1

f7a7057fb991161a56bf5054561ca6c66c707863
SHA256

e3b31b540839dffff92b5ee74323e3ca87954f717028d633dcb63fc011da8185
SHA512

d0f8e6d25cf9ad28e5170d782c61d51cb7dea40ede1dc6b866834c6a5f1c27f91d3b970726301f3fb41e8669ed82f3ccfc10064b649a13563dbb16cb7926e2ed

Score

10^/10

smokeloader backdoor persistence trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  e3b31b540839dffff92b5ee74323e3ca87954f717028d633dcb63fc011da8185
- Size
  
  352KB
- MD5
  
  425b2d09dc9b30a2659d0401f4aaba79
- SHA1
  
  f7a7057fb991161a56bf5054561ca6c66c707863
- SHA256
  
  e3b31b540839dffff92b5ee74323e3ca87954f717028d633dcb63fc011da8185
- SHA512
  
  d0f8e6d25cf9ad28e5170d782c61d51cb7dea40ede1dc6b866834c6a5f1c27f91d3b970726301f3fb41e8669ed82f3ccfc10064b649a13563dbb16cb7926e2ed
Score

10^/10

smokeloader backdoor persistence trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Sets service image path in registry
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoorpersistencetrojan