smokeloader | 91ae5ce01ecb645df0b539fc5db5724c32a3ebf6339a8bc1df02deb41e42587b | Triage

Sharing

General

Target

91ae5ce01ecb645df0b539fc5db5724c32a3ebf6339a8bc1df02deb41e42587b
Size

318KB
Sample

220129-bd2pdahgdk
MD5

eeeb3c0b0a2873294a977512aa571396
SHA1

2b0e81a78cf5afdd870fe935b0e7a30dd2b3e2ca
SHA256

91ae5ce01ecb645df0b539fc5db5724c32a3ebf6339a8bc1df02deb41e42587b
SHA512

93d96f782c9196d06490891013024e9110af48393915d466fe31e8b5722d86b64abd0c4edae4cb90b0a55286a024bdf92ab85a8ff1c132f19577bc984a2194f3

Score

10^/10

smokeloader backdoor persistence trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  91ae5ce01ecb645df0b539fc5db5724c32a3ebf6339a8bc1df02deb41e42587b
- Size
  
  318KB
- MD5
  
  eeeb3c0b0a2873294a977512aa571396
- SHA1
  
  2b0e81a78cf5afdd870fe935b0e7a30dd2b3e2ca
- SHA256
  
  91ae5ce01ecb645df0b539fc5db5724c32a3ebf6339a8bc1df02deb41e42587b
- SHA512
  
  93d96f782c9196d06490891013024e9110af48393915d466fe31e8b5722d86b64abd0c4edae4cb90b0a55286a024bdf92ab85a8ff1c132f19577bc984a2194f3
Score

10^/10

smokeloader backdoor persistence trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Sets service image path in registry
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoorpersistencetrojan