smokeloader | 6f5f3416324b35cbe48f45a54a43454adddedc38703fcebafda9c610a7c8078b | Triage

Sharing

General

Target

6f5f3416324b35cbe48f45a54a43454adddedc38703fcebafda9c610a7c8078b
Size

352KB
Sample

220128-tyjy6sghb4
MD5

b8325b86a517c7b3ac4de4ec6911d25c
SHA1

24dafdc0cca4ac80e0f262b39d86663ffec35717
SHA256

6f5f3416324b35cbe48f45a54a43454adddedc38703fcebafda9c610a7c8078b
SHA512

de88e08bdd08effa6294440593051326f2adc331e38359b2c7d0a19c35508c826a43469ddf7cf459a9a818830eba735e938fc91050213d833bc44a41ae8f330d

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  6f5f3416324b35cbe48f45a54a43454adddedc38703fcebafda9c610a7c8078b
- Size
  
  352KB
- MD5
  
  b8325b86a517c7b3ac4de4ec6911d25c
- SHA1
  
  24dafdc0cca4ac80e0f262b39d86663ffec35717
- SHA256
  
  6f5f3416324b35cbe48f45a54a43454adddedc38703fcebafda9c610a7c8078b
- SHA512
  
  de88e08bdd08effa6294440593051326f2adc331e38359b2c7d0a19c35508c826a43469ddf7cf459a9a818830eba735e938fc91050213d833bc44a41ae8f330d
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan