smokeloader | c5b0b8b86878e2fda1194d28b3e2b6923541de1719f8b96975de34cbbc9aa537 | Triage

Sharing

General

Target

92bc3fd7578afed3c64ccf9fcbcf1e17
Size

317KB
Sample

220129-p8slvabacl
MD5

92bc3fd7578afed3c64ccf9fcbcf1e17
SHA1

518dc5cf48bb613163856cf2ca815a42ba43f55c
SHA256

c5b0b8b86878e2fda1194d28b3e2b6923541de1719f8b96975de34cbbc9aa537
SHA512

b85e4190d6dd6f1845ab7fb2ac74503f19376b9e4e288db387dc9731e0f058fe985e2c79cc66e4be979815bcfc5aaa2683abea61229a22437f1e2fb941b3bbc9

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  92bc3fd7578afed3c64ccf9fcbcf1e17
- Size
  
  317KB
- MD5
  
  92bc3fd7578afed3c64ccf9fcbcf1e17
- SHA1
  
  518dc5cf48bb613163856cf2ca815a42ba43f55c
- SHA256
  
  c5b0b8b86878e2fda1194d28b3e2b6923541de1719f8b96975de34cbbc9aa537
- SHA512
  
  b85e4190d6dd6f1845ab7fb2ac74503f19376b9e4e288db387dc9731e0f058fe985e2c79cc66e4be979815bcfc5aaa2683abea61229a22437f1e2fb941b3bbc9
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan