smokeloader | 3aa53009bf6bc15a2d2439e61c11b38a6a87298453033912d5be9f9021ecdde2 | Triage

Sharing

General

Target

3aa53009bf6bc15a2d2439e61c11b38a6a87298453033912d5be9f9021ecdde2
Size

352KB
Sample

220128-ydm8babggr
MD5

9c81d4cb75363ef96aa0534e8ba2e4b9
SHA1

c0bc776eb6faf11563657f1e4270e427cf80fde4
SHA256

3aa53009bf6bc15a2d2439e61c11b38a6a87298453033912d5be9f9021ecdde2
SHA512

d1ecd6e7b42f8dde6ee815d2a7585792583b6bce808185ca8eb882b2c1e2de8c274bb3be5fd5c49f6ce77b5cd9bb8e0055af45e2383ee9bdd391d92ac2a92105

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  3aa53009bf6bc15a2d2439e61c11b38a6a87298453033912d5be9f9021ecdde2
- Size
  
  352KB
- MD5
  
  9c81d4cb75363ef96aa0534e8ba2e4b9
- SHA1
  
  c0bc776eb6faf11563657f1e4270e427cf80fde4
- SHA256
  
  3aa53009bf6bc15a2d2439e61c11b38a6a87298453033912d5be9f9021ecdde2
- SHA512
  
  d1ecd6e7b42f8dde6ee815d2a7585792583b6bce808185ca8eb882b2c1e2de8c274bb3be5fd5c49f6ce77b5cd9bb8e0055af45e2383ee9bdd391d92ac2a92105
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan