smokeloader | c088a2a1e76a5d2d07e9bf47db370dcc53dbfc7c957e947124491739ce34d277 | Triage

Sharing

General

Target

c088a2a1e76a5d2d07e9bf47db370dcc53dbfc7c957e947124491739ce34d277
Size

318KB
Sample

220129-anbehahagp
MD5

05bfc9fc42cd23ec098ea029894ea40f
SHA1

b236713eb6e96d78178f344d901e6d497d7af3dd
SHA256

c088a2a1e76a5d2d07e9bf47db370dcc53dbfc7c957e947124491739ce34d277
SHA512

f630ee339bb7b3f34cdb3699c6fdfec785729f34cb6a6101cc41034f509be5e7744c3be5e5f0673eeb9309636c38753ec19d607fb6970c4d0a7dff74c0ac0aca

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  c088a2a1e76a5d2d07e9bf47db370dcc53dbfc7c957e947124491739ce34d277
- Size
  
  318KB
- MD5
  
  05bfc9fc42cd23ec098ea029894ea40f
- SHA1
  
  b236713eb6e96d78178f344d901e6d497d7af3dd
- SHA256
  
  c088a2a1e76a5d2d07e9bf47db370dcc53dbfc7c957e947124491739ce34d277
- SHA512
  
  f630ee339bb7b3f34cdb3699c6fdfec785729f34cb6a6101cc41034f509be5e7744c3be5e5f0673eeb9309636c38753ec19d607fb6970c4d0a7dff74c0ac0aca
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan