smokeloader | 5879d39a0bab80032ebc751728e034cf7ec7fb30749090b5df8c37100034ef95 | Triage

Sharing

General

Target

5879d39a0bab80032ebc751728e034cf7ec7fb30749090b5df8c37100034ef95
Size

352KB
Sample

220128-wb1drahha9
MD5

2faf0358aaf0f2b2693eead6f16e0f85
SHA1

2f9cd18c2932edc158cd0e590de3048f68b123e2
SHA256

5879d39a0bab80032ebc751728e034cf7ec7fb30749090b5df8c37100034ef95
SHA512

471acfd7a8344b91b4c28128cb6ae4884895d118697031a189cb494a86b9adba3f03556e9e1fa17d3a906d5659d728e0f2a9259f7bb2d49acf87817b0531e325

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  5879d39a0bab80032ebc751728e034cf7ec7fb30749090b5df8c37100034ef95
- Size
  
  352KB
- MD5
  
  2faf0358aaf0f2b2693eead6f16e0f85
- SHA1
  
  2f9cd18c2932edc158cd0e590de3048f68b123e2
- SHA256
  
  5879d39a0bab80032ebc751728e034cf7ec7fb30749090b5df8c37100034ef95
- SHA512
  
  471acfd7a8344b91b4c28128cb6ae4884895d118697031a189cb494a86b9adba3f03556e9e1fa17d3a906d5659d728e0f2a9259f7bb2d49acf87817b0531e325
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan