smokeloader | 602d7d9fa0c9633b232f43a107d4618e697ef365156b46d97feab00aacf5e1d8 | Triage

Sharing

General

Target

602d7d9fa0c9633b232f43a107d4618e697ef365156b46d97feab00aacf5e1d8
Size

353KB
Sample

220128-rk8z2aecal
MD5

32d964429405984c6e2da26061f6b50b
SHA1

84d77f4e009f3546ccd7b04355f4da13136e1214
SHA256

602d7d9fa0c9633b232f43a107d4618e697ef365156b46d97feab00aacf5e1d8
SHA512

9977ee232d536fa655e214a41321f2d7689ee92ac6442da40285b382eca36d2cf71e7e8356f5500a15f5e513fcf057b7320f9cd029fb8de89882f97b9a422ea0

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  602d7d9fa0c9633b232f43a107d4618e697ef365156b46d97feab00aacf5e1d8
- Size
  
  353KB
- MD5
  
  32d964429405984c6e2da26061f6b50b
- SHA1
  
  84d77f4e009f3546ccd7b04355f4da13136e1214
- SHA256
  
  602d7d9fa0c9633b232f43a107d4618e697ef365156b46d97feab00aacf5e1d8
- SHA512
  
  9977ee232d536fa655e214a41321f2d7689ee92ac6442da40285b382eca36d2cf71e7e8356f5500a15f5e513fcf057b7320f9cd029fb8de89882f97b9a422ea0
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan