smokeloader | 60c726b7dd94a8c2c3bc21fd8b4d04c52cf09463c2cb54813cb4566b5fdf4bec | Triage

Sharing

General

Target

60c726b7dd94a8c2c3bc21fd8b4d04c52cf09463c2cb54813cb4566b5fdf4bec
Size

352KB
Sample

220128-sb4vdsfafm
MD5

97fc4c260a19feccdf071b6a8eb3ea91
SHA1

95d27583e4a9d57eae95484fa098dbee043c2568
SHA256

60c726b7dd94a8c2c3bc21fd8b4d04c52cf09463c2cb54813cb4566b5fdf4bec
SHA512

7b2e7d830b3c345fd20b0305d406fb8be5337df9b05efc003d682293d5feaf53ac2fefe50f84f8fcc3123a26cf1bc29df29e22801155785e97604926daa2c00d

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  60c726b7dd94a8c2c3bc21fd8b4d04c52cf09463c2cb54813cb4566b5fdf4bec
- Size
  
  352KB
- MD5
  
  97fc4c260a19feccdf071b6a8eb3ea91
- SHA1
  
  95d27583e4a9d57eae95484fa098dbee043c2568
- SHA256
  
  60c726b7dd94a8c2c3bc21fd8b4d04c52cf09463c2cb54813cb4566b5fdf4bec
- SHA512
  
  7b2e7d830b3c345fd20b0305d406fb8be5337df9b05efc003d682293d5feaf53ac2fefe50f84f8fcc3123a26cf1bc29df29e22801155785e97604926daa2c00d
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan