smokeloader | 5dad6fcb977a362dbe329eea517a926c697af169549c74545a35d7491544356d | Triage

Sharing

General

Target

5dad6fcb977a362dbe329eea517a926c697af169549c74545a35d7491544356d
Size

351KB
Sample

220128-r648zafcd2
MD5

8b3b1be30ddf3f30563db31adcfefe03
SHA1

b3afa6abbc2874b4d626c15db0541edc54ea5a32
SHA256

5dad6fcb977a362dbe329eea517a926c697af169549c74545a35d7491544356d
SHA512

2fc08789f0a82a9664e88f928634e6916084cff6ca8605c569040455db56bcec3c8d135e814aa205f4e260d0c30a935c67f36fbd0c03c608b25e895b2f48718b

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  5dad6fcb977a362dbe329eea517a926c697af169549c74545a35d7491544356d
- Size
  
  351KB
- MD5
  
  8b3b1be30ddf3f30563db31adcfefe03
- SHA1
  
  b3afa6abbc2874b4d626c15db0541edc54ea5a32
- SHA256
  
  5dad6fcb977a362dbe329eea517a926c697af169549c74545a35d7491544356d
- SHA512
  
  2fc08789f0a82a9664e88f928634e6916084cff6ca8605c569040455db56bcec3c8d135e814aa205f4e260d0c30a935c67f36fbd0c03c608b25e895b2f48718b
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan