smokeloader | 3b612ceb7d2bf66a141e439a181a3fdf1c0eb31a1006e4b1d127efe37f1d1115 | Triage

Sharing

General

Target

3b612ceb7d2bf66a141e439a181a3fdf1c0eb31a1006e4b1d127efe37f1d1115
Size

352KB
Sample

220128-x2tvbsbge5
MD5

421c75538c12cfdf503bba86df4195ee
SHA1

f757d1413ae54ff901ada6a485310c0ae231dbd9
SHA256

3b612ceb7d2bf66a141e439a181a3fdf1c0eb31a1006e4b1d127efe37f1d1115
SHA512

d1c550c876741d1d9c64082ae590762f0759c69d0cb6750d0d80bf8d08077959a5d3d614db273ae4ad862f95e9cfa095af1c07eafb7d8573f0c9a05b7e708926

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  3b612ceb7d2bf66a141e439a181a3fdf1c0eb31a1006e4b1d127efe37f1d1115
- Size
  
  352KB
- MD5
  
  421c75538c12cfdf503bba86df4195ee
- SHA1
  
  f757d1413ae54ff901ada6a485310c0ae231dbd9
- SHA256
  
  3b612ceb7d2bf66a141e439a181a3fdf1c0eb31a1006e4b1d127efe37f1d1115
- SHA512
  
  d1c550c876741d1d9c64082ae590762f0759c69d0cb6750d0d80bf8d08077959a5d3d614db273ae4ad862f95e9cfa095af1c07eafb7d8573f0c9a05b7e708926
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan