smokeloader | eef1e81d37b255c1c63e05216c201e03796823fc93395770ed03c003eb64d338 | Triage

Sharing

General

Target

eef1e81d37b255c1c63e05216c201e03796823fc93395770ed03c003eb64d338.exe
Size

339KB
Sample

220514-q5rqtaabc5
MD5

3c6bd94075548f2cf08b6e966a878a57
SHA1

a7c37aa93592cded7bb171775355e74324fb15b6
SHA256

eef1e81d37b255c1c63e05216c201e03796823fc93395770ed03c003eb64d338
SHA512

e206699c7030ac959ec530d7864c07f98f3d7a161700d3906a69278e2d91ca96a98e8266e1c0f9dd37cf0ac7297de206ecfb8ed0b5760e6016eec07887b45645

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  eef1e81d37b255c1c63e05216c201e03796823fc93395770ed03c003eb64d338.exe
- Size
  
  339KB
- MD5
  
  3c6bd94075548f2cf08b6e966a878a57
- SHA1
  
  a7c37aa93592cded7bb171775355e74324fb15b6
- SHA256
  
  eef1e81d37b255c1c63e05216c201e03796823fc93395770ed03c003eb64d338
- SHA512
  
  e206699c7030ac959ec530d7864c07f98f3d7a161700d3906a69278e2d91ca96a98e8266e1c0f9dd37cf0ac7297de206ecfb8ed0b5760e6016eec07887b45645
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan