smokeloader | 44f43a71c0ff76a16186e6c7a2e493396033c6174756270bd269331509f18b4f | Triage

Sharing

General

Target

8a74b53ef26cf66004a27e3d008a847b304c95cb8cea626cdc21edf7ff3830ce
Size

130KB
Sample

220907-cyfs3sahc9
MD5

8f246f325ea93fdc73f0c57bd371b052
SHA1

bdcf9e22e559c3c3e0d4654dbe3218fb2fc094d5
SHA256

44f43a71c0ff76a16186e6c7a2e493396033c6174756270bd269331509f18b4f
SHA512

7d86d062512a2f4080ab9dc78919d6e8d91922bf87ec9d1ba2c0e103896049fc1de72fe4be150e309dd7f05b4e8c66befeed63c6840c7290c7083cfa72292f16
SSDEEP

3072:Q1kIXVflRFQHW/q10sOdqji9W2nJPiIUp5HlrJ0Lg2iU/:SkIXZqHW/ujiFnJPiIUDz2h/

Score

10^/10

smokeloader backdoor trojan

Malware Config

Targets

- Target
  
  8a74b53ef26cf66004a27e3d008a847b304c95cb8cea626cdc21edf7ff3830ce
- Size
  
  207KB
- MD5
  
  98d6330533254baaf912537b060eaa8d
- SHA1
  
  457989ed0c9db09bdbd0d83f0a781a3330e5f81e
- SHA256
  
  8a74b53ef26cf66004a27e3d008a847b304c95cb8cea626cdc21edf7ff3830ce
- SHA512
  
  d20a5d82594b533f29ef0c995d667ae357df10dd18b3008a5e297289b547e558b0873c866064bdf8332b23bc75a0e4db5f370c85eb62639a366380c7be18a222
- SSDEEP
  
  3072:IOEiPoDR+jOFSkosic30AJsbvo3tP655dVJcebO9Rv4K+:yuOFSko+0AObGP6/doeE
Score

10^/10

smokeloader backdoor trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan