smokeloader | 0f0faf33cf35426dc7dea4b0e037e30fa6150fc6c6d4e06bca0b2ddfe2080c33 | Triage

Sharing

General

Target

0f0faf33cf35426dc7dea4b0e037e30fa6150fc6c6d4e06bca0b2ddfe2080c33
Size

318KB
Sample

220129-am5a7ahagl
MD5

402d7375a6ea77e3e17142a64e3e2e61
SHA1

aacf99fdb58a3db24e3a217c6b9a2f4411bf1b71
SHA256

0f0faf33cf35426dc7dea4b0e037e30fa6150fc6c6d4e06bca0b2ddfe2080c33
SHA512

d590b934bbc31b7bc2923457a0a83de6fba1041463933cc1befd0362f8e5bf3cffab519114dba3dc825625f9ba92d3f0c080e8de9ab9a8a1771515de80b6695d

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  0f0faf33cf35426dc7dea4b0e037e30fa6150fc6c6d4e06bca0b2ddfe2080c33
- Size
  
  318KB
- MD5
  
  402d7375a6ea77e3e17142a64e3e2e61
- SHA1
  
  aacf99fdb58a3db24e3a217c6b9a2f4411bf1b71
- SHA256
  
  0f0faf33cf35426dc7dea4b0e037e30fa6150fc6c6d4e06bca0b2ddfe2080c33
- SHA512
  
  d590b934bbc31b7bc2923457a0a83de6fba1041463933cc1befd0362f8e5bf3cffab519114dba3dc825625f9ba92d3f0c080e8de9ab9a8a1771515de80b6695d
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan