smokeloader | fe2a9057323a5a5d47a4ab3cf9f4f9f86037b395c440da7bfb1e4164bc10abc3 | Triage

Submit
Reports

Overview

overview

Static

static

tmp.exe

windows7-x64

tmp.exe

windows10-2004-x64

Sharing

General

Target

tmp
Size

37KB
Sample

220906-p8gjksdbh5
MD5

b5930c6fbf0ecde4de2ba77415b97e18
SHA1

67cab99dc14822289f9b8d1f0fb0e9d73ff45825
SHA256

fe2a9057323a5a5d47a4ab3cf9f4f9f86037b395c440da7bfb1e4164bc10abc3
SHA512

63140881d7b03db395608b1fe095b0989aa2d87d017ae63eea34c8b3e04c3274ccc7ee31a4505c8334af1300844c4aec30a6a25dc692a34ec699b728a85620ea
SSDEEP

384:O9kt7+7uIb00ERLA6m8KXAX3H3JGm9bN1v5N9EJqgxWUrxMKQ4XyY:vNTIcI8tX9B55gqgxWFKQiH

Score

10^/10

smokeloader backdoor persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

tmp.exe

Resource

win7-20220901-en

smokeloader backdoor persistence trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

tmp.exe

Resource

win10v2004-20220812-en

smokeloader backdoor persistence trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  tmp
- Size
  
  37KB
- MD5
  
  b5930c6fbf0ecde4de2ba77415b97e18
- SHA1
  
  67cab99dc14822289f9b8d1f0fb0e9d73ff45825
- SHA256
  
  fe2a9057323a5a5d47a4ab3cf9f4f9f86037b395c440da7bfb1e4164bc10abc3
- SHA512
  
  63140881d7b03db395608b1fe095b0989aa2d87d017ae63eea34c8b3e04c3274ccc7ee31a4505c8334af1300844c4aec30a6a25dc692a34ec699b728a85620ea
- SSDEEP
  
  384:O9kt7+7uIb00ERLA6m8KXAX3H3JGm9bN1v5N9EJqgxWUrxMKQ4XyY:vNTIcI8tX9B55gqgxWFKQiH
Score

10^/10

smokeloader backdoor persistence trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoorpersistencetrojan

behavioral2

smokeloaderbackdoorpersistencetrojan

© 2018-2024

Terms | Privacy