smokeloader | e6e29439145a1238acfa33075fb33120568f59a72a8d3ecb37f09605cc9d5969 | Triage

Sharing

General

Target

0d4992cbe7a7986795931a122180a1cf5e758d695544de42a4ca630812eee03c
Size

158KB
Sample

220129-p5m7ysbee5
MD5

0780b4343eefb312e24d766701c24054
SHA1

bb8a6471fc60e0b9951f9601336a9a13b46b6200
SHA256

e6e29439145a1238acfa33075fb33120568f59a72a8d3ecb37f09605cc9d5969
SHA512

f5d8b5ba7dc4565a904a7c2617f9cfa44e437d6a348569bb49d9bbd2170ce374c47d71387af2cffaca277aa1ce00cd37c9487808ba5268fef651d9b21148f101

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  0d4992cbe7a7986795931a122180a1cf5e758d695544de42a4ca630812eee03c
- Size
  
  317KB
- MD5
  
  832d55530ba86650884b5d2c4ab59f62
- SHA1
  
  d7e3e1fa3375261e99b2eab3a13f6fa5444debac
- SHA256
  
  0d4992cbe7a7986795931a122180a1cf5e758d695544de42a4ca630812eee03c
- SHA512
  
  cd38ab6acba1e3899e4ac0ba4e037a2ce63a176562bd71d55dc5037c4d3564072f9f653f099646085e272a45518b394dd9b2781e3f25fecb3409f45d2c0c001a
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan