smokeloader | 787cd70763bab5a14d9ecc58abe2dc0ed844b5251266cb3ccd8d6e97b3042823 | Triage

Sharing

General

Target

787cd70763bab5a14d9ecc58abe2dc0ed844b5251266cb3ccd8d6e97b3042823.exe
Size

247KB
Sample

220514-q5q5aacebk
MD5

f34ad3cb33b7e41126e45906e4ddf6f4
SHA1

a86d709c56ee2f5b42b16a99a6c6ee6b5edfb5f3
SHA256

787cd70763bab5a14d9ecc58abe2dc0ed844b5251266cb3ccd8d6e97b3042823
SHA512

54610c0d429dad91a3a5fdfd1c03b889999785a48e9e096345bbe709520e518d881cfd0071b9325ec4628db542e62046d7a6ae1b2c81d9754cd20f73250ef37b

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  787cd70763bab5a14d9ecc58abe2dc0ed844b5251266cb3ccd8d6e97b3042823.exe
- Size
  
  247KB
- MD5
  
  f34ad3cb33b7e41126e45906e4ddf6f4
- SHA1
  
  a86d709c56ee2f5b42b16a99a6c6ee6b5edfb5f3
- SHA256
  
  787cd70763bab5a14d9ecc58abe2dc0ed844b5251266cb3ccd8d6e97b3042823
- SHA512
  
  54610c0d429dad91a3a5fdfd1c03b889999785a48e9e096345bbe709520e518d881cfd0071b9325ec4628db542e62046d7a6ae1b2c81d9754cd20f73250ef37b
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan