smokeloader | 5efc24b4685adc56e71dce962bfe8430a3ae226987e95421a011a9503549400d | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

5efc24b4685adc56e71dce962bfe8430a3ae226987e95421a011a9503549400d
Size

280KB
Sample

220922-3zpeqageen
MD5

d4a1d6fdbd12881069390066d6832bfd
SHA1

06b83748c33ac3e3ad95c73d0ca3e6bcef91d8af
SHA256

5efc24b4685adc56e71dce962bfe8430a3ae226987e95421a011a9503549400d
SHA512

6b446d18662cc5f409f8016e939ef4b1cab3233a37238effe5520ed1bad4654c06dc1d72cd9dea68118a37f48a13f655aaab4a47e51d5d711133dcc6ec1fde66
SSDEEP

6144:17vuTCP6LJ3wHtSWtWaRXKUlxK0CwABL5/wigavwVf:17muil3wHtSWUCXVTBABr

Score

10^/10

smokeloader backdoor trojan

Static task

static1

Behavioral task

behavioral1

Sample

5efc24b4685adc56e71dce962bfe8430a3ae226987e95421a011a9503549400d.exe

Resource

win10-20220812-en

smokeloader backdoor trojan

windows10-1703-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  5efc24b4685adc56e71dce962bfe8430a3ae226987e95421a011a9503549400d
- Size
  
  280KB
- MD5
  
  d4a1d6fdbd12881069390066d6832bfd
- SHA1
  
  06b83748c33ac3e3ad95c73d0ca3e6bcef91d8af
- SHA256
  
  5efc24b4685adc56e71dce962bfe8430a3ae226987e95421a011a9503549400d
- SHA512
  
  6b446d18662cc5f409f8016e939ef4b1cab3233a37238effe5520ed1bad4654c06dc1d72cd9dea68118a37f48a13f655aaab4a47e51d5d711133dcc6ec1fde66
- SSDEEP
  
  6144:17vuTCP6LJ3wHtSWtWaRXKUlxK0CwABL5/wigavwVf:17muil3wHtSWUCXVTBABr
Score

10^/10

smokeloader backdoor trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

© 2018-2024

Terms | Privacy