smokeloader | 4aa172db146bd1a8e35c90ff812c574d9a639d7ffc093c2ba53ab4146c252f2f | Triage

Sharing

General

Target

4aa172db146bd1a8e35c90ff812c574d9a639d7ffc093c2ba53ab4146c252f2f
Size

353KB
Sample

220128-t6bmrsgfbr
MD5

2a4c49e945f90e73cce06d8aec8a0e28
SHA1

63e6e1d365489499711998c0ddcc3d3136b2ac20
SHA256

4aa172db146bd1a8e35c90ff812c574d9a639d7ffc093c2ba53ab4146c252f2f
SHA512

130f0b86e7d22b97b3f6670f67caf58bc4f2c70eb5d85c4db20ded68ef34b345c591e59d4a00d63ecc314ade7e472dcaa8bd59603788d46107b06d5091a2993c

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  4aa172db146bd1a8e35c90ff812c574d9a639d7ffc093c2ba53ab4146c252f2f
- Size
  
  353KB
- MD5
  
  2a4c49e945f90e73cce06d8aec8a0e28
- SHA1
  
  63e6e1d365489499711998c0ddcc3d3136b2ac20
- SHA256
  
  4aa172db146bd1a8e35c90ff812c574d9a639d7ffc093c2ba53ab4146c252f2f
- SHA512
  
  130f0b86e7d22b97b3f6670f67caf58bc4f2c70eb5d85c4db20ded68ef34b345c591e59d4a00d63ecc314ade7e472dcaa8bd59603788d46107b06d5091a2993c
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan