smokeloader | bacd350225b37e7859cfb631a9e0b7f9d657b9af1c9ab983cd0c5fe26b4a5d12 | Triage

Sharing

General

Target

bacd350225b37e7859cfb631a9e0b7f9d657b9af1c9ab983cd0c5fe26b4a5d12
Size

353KB
Sample

220128-vkwaqahbh2
MD5

3a78923d6d173ad0609355abe4784467
SHA1

e3ca6fe63baaf13893dc1765745b043ea69c7db2
SHA256

bacd350225b37e7859cfb631a9e0b7f9d657b9af1c9ab983cd0c5fe26b4a5d12
SHA512

8b7f539096fcb8f571f8eea04423995bc87b27558108b37bfe730ccf5113aad01d9c5272e85bb289b435fce155e32b1e909059325051189024b1c40aa9cf2be5

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  bacd350225b37e7859cfb631a9e0b7f9d657b9af1c9ab983cd0c5fe26b4a5d12
- Size
  
  353KB
- MD5
  
  3a78923d6d173ad0609355abe4784467
- SHA1
  
  e3ca6fe63baaf13893dc1765745b043ea69c7db2
- SHA256
  
  bacd350225b37e7859cfb631a9e0b7f9d657b9af1c9ab983cd0c5fe26b4a5d12
- SHA512
  
  8b7f539096fcb8f571f8eea04423995bc87b27558108b37bfe730ccf5113aad01d9c5272e85bb289b435fce155e32b1e909059325051189024b1c40aa9cf2be5
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan