smokeloader | f2e9475cbf8ad93f5762a2b5c02b552d5afe5247c9c14e2c1e72f507807ffbaa | Triage

Sharing

General

Target

d89944dfaa2c67c475c079edb5646342
Size

317KB
Sample

220129-p2y52sbdh6
MD5

d89944dfaa2c67c475c079edb5646342
SHA1

d4ddd0aeb465bb1755d08168e427e1e1a22fe126
SHA256

f2e9475cbf8ad93f5762a2b5c02b552d5afe5247c9c14e2c1e72f507807ffbaa
SHA512

d4a10488e91ee248eb66614f0b8080fe18c3f06673e35f3a128c0a960f588f61b9b7562e0f99360a1f879868b17455a3410970f99a86e63ae0031fe67909cf23

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  d89944dfaa2c67c475c079edb5646342
- Size
  
  317KB
- MD5
  
  d89944dfaa2c67c475c079edb5646342
- SHA1
  
  d4ddd0aeb465bb1755d08168e427e1e1a22fe126
- SHA256
  
  f2e9475cbf8ad93f5762a2b5c02b552d5afe5247c9c14e2c1e72f507807ffbaa
- SHA512
  
  d4a10488e91ee248eb66614f0b8080fe18c3f06673e35f3a128c0a960f588f61b9b7562e0f99360a1f879868b17455a3410970f99a86e63ae0031fe67909cf23
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan