smokeloader | 33c77f1a6470b895e6531692d7f0656f059078e5e754064414c03af38e03bf53 | Triage

Sharing

General

Target

33c77f1a6470b895e6531692d7f0656f059078e5e754064414c03af38e03bf53
Size

352KB
Sample

220128-wtcemsabaq
MD5

78e1a5228b6f53501616a16a9619e4a5
SHA1

3ae98bd1689eaac92cb2a7432d9b937445184429
SHA256

33c77f1a6470b895e6531692d7f0656f059078e5e754064414c03af38e03bf53
SHA512

f5624e45b8fd6baaac6b3b4abcc2c4128847076b251e143dc639494336ad64e5863d49ebbabb9ca1e23e2c49e536fe3d58b5639b660666d03b5702d3769d1204

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  33c77f1a6470b895e6531692d7f0656f059078e5e754064414c03af38e03bf53
- Size
  
  352KB
- MD5
  
  78e1a5228b6f53501616a16a9619e4a5
- SHA1
  
  3ae98bd1689eaac92cb2a7432d9b937445184429
- SHA256
  
  33c77f1a6470b895e6531692d7f0656f059078e5e754064414c03af38e03bf53
- SHA512
  
  f5624e45b8fd6baaac6b3b4abcc2c4128847076b251e143dc639494336ad64e5863d49ebbabb9ca1e23e2c49e536fe3d58b5639b660666d03b5702d3769d1204
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan