smokeloader | 9652f805ad7fd4acc2fe0284e17815aee5f45c5e31fae87a4112143a2acd925f | Triage

Sharing

General

Target

9652f805ad7fd4acc2fe0284e17815aee5f45c5e31fae87a4112143a2acd925f
Size

352KB
Sample

220129-abwjxahah5
MD5

0e62d19d082ca9604e0e4ef5d39a53c2
SHA1

a54a265f44431d9804ce871812d1047e08a7d945
SHA256

9652f805ad7fd4acc2fe0284e17815aee5f45c5e31fae87a4112143a2acd925f
SHA512

d5123d1367745183a6bdf521a5601620b24bbf85d4d1ab4a3fdfc47ee242833c493b7543cba2b005b79eb00993009ac6c1744ab4513e2e46c77dc5ee03fa38da

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  9652f805ad7fd4acc2fe0284e17815aee5f45c5e31fae87a4112143a2acd925f
- Size
  
  352KB
- MD5
  
  0e62d19d082ca9604e0e4ef5d39a53c2
- SHA1
  
  a54a265f44431d9804ce871812d1047e08a7d945
- SHA256
  
  9652f805ad7fd4acc2fe0284e17815aee5f45c5e31fae87a4112143a2acd925f
- SHA512
  
  d5123d1367745183a6bdf521a5601620b24bbf85d4d1ab4a3fdfc47ee242833c493b7543cba2b005b79eb00993009ac6c1744ab4513e2e46c77dc5ee03fa38da
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan