smokeloader | 319a1b87e38833ae34bb501e0954b3a5d4baa081063fa0f89a4962fa4a700879 | Triage

Sharing

General

Target

319a1b87e38833ae34bb501e0954b3a5d4baa081063fa0f89a4962fa4a700879
Size

352KB
Sample

220128-ra24qsedd9
MD5

18dbc0e743976c1022fb7771166615b1
SHA1

cc7abc9575c6f1f3186a64cb43ca8cf79af31641
SHA256

319a1b87e38833ae34bb501e0954b3a5d4baa081063fa0f89a4962fa4a700879
SHA512

3354987965551155898c03ddf826990637f17ecedb33688a02fe04040e0ede5e91334a9ab2d26879228048e4ebce4a070dc3bea5c71a84d578f41c189dcce76c

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  319a1b87e38833ae34bb501e0954b3a5d4baa081063fa0f89a4962fa4a700879
- Size
  
  352KB
- MD5
  
  18dbc0e743976c1022fb7771166615b1
- SHA1
  
  cc7abc9575c6f1f3186a64cb43ca8cf79af31641
- SHA256
  
  319a1b87e38833ae34bb501e0954b3a5d4baa081063fa0f89a4962fa4a700879
- SHA512
  
  3354987965551155898c03ddf826990637f17ecedb33688a02fe04040e0ede5e91334a9ab2d26879228048e4ebce4a070dc3bea5c71a84d578f41c189dcce76c
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan