smokeloader | 04821c93b97a6b6ffdf80bcaf3e6491b6de39eff2caed87c19c1531a0c5c87d6 | Triage

Sharing

General

Target

583707ca6b0c9206f66db2e02df0715d
Size

318KB
Sample

220129-qeyfnsbfh2
MD5

583707ca6b0c9206f66db2e02df0715d
SHA1

0021d125ebb8f4553f217c5904e9e17be4619795
SHA256

04821c93b97a6b6ffdf80bcaf3e6491b6de39eff2caed87c19c1531a0c5c87d6
SHA512

71f6ce278ca8d8cef61676de7b021074ddc76745bc8d08ebfb2b3d9fbc1c32a4aac6db13df00ce06e083a2e55e521f5dca0190608191157b958885c2d4d6002d

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  583707ca6b0c9206f66db2e02df0715d
- Size
  
  318KB
- MD5
  
  583707ca6b0c9206f66db2e02df0715d
- SHA1
  
  0021d125ebb8f4553f217c5904e9e17be4619795
- SHA256
  
  04821c93b97a6b6ffdf80bcaf3e6491b6de39eff2caed87c19c1531a0c5c87d6
- SHA512
  
  71f6ce278ca8d8cef61676de7b021074ddc76745bc8d08ebfb2b3d9fbc1c32a4aac6db13df00ce06e083a2e55e521f5dca0190608191157b958885c2d4d6002d
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan