smokeloader | e8d0ed968df13b04e895a0f910e9b21aa0b4119427a3f388f6e55bee98542078 | Triage

Sharing

General

Target

e8d0ed968df13b04e895a0f910e9b21aa0b4119427a3f388f6e55bee98542078.exe
Size

238KB
Sample

220514-q5qthsceaq
MD5

a7c54e9d7096d63523dba842f3ce3e2f
SHA1

d809b25c23f1b912c7f4f0e5fa56ad40f284ac71
SHA256

e8d0ed968df13b04e895a0f910e9b21aa0b4119427a3f388f6e55bee98542078
SHA512

019405d20ea2ab71ee7af9669968b6b03e358f0f1f56fda5f9697cf77e6b95d529fe83124475a0aa6f9f9ced4ce9ffd334d334a96a27fb7022e31382d594a2ac

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  e8d0ed968df13b04e895a0f910e9b21aa0b4119427a3f388f6e55bee98542078.exe
- Size
  
  238KB
- MD5
  
  a7c54e9d7096d63523dba842f3ce3e2f
- SHA1
  
  d809b25c23f1b912c7f4f0e5fa56ad40f284ac71
- SHA256
  
  e8d0ed968df13b04e895a0f910e9b21aa0b4119427a3f388f6e55bee98542078
- SHA512
  
  019405d20ea2ab71ee7af9669968b6b03e358f0f1f56fda5f9697cf77e6b95d529fe83124475a0aa6f9f9ced4ce9ffd334d334a96a27fb7022e31382d594a2ac
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan