smokeloader | 619c251b0afe76433b7bb1800dd003ff05262dde38ebb0a3119cfa8f04296693 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

619c251b0afe76433b7bb1800dd003ff05262dde38ebb0a3119cfa8f04296693
Size

187KB
Sample

220923-rcndcsaeaj
MD5

0faa76cbfb5c738b96b2645ea3c04b7f
SHA1

386d3ac01443963f8592d00e1fce64c92cf814de
SHA256

619c251b0afe76433b7bb1800dd003ff05262dde38ebb0a3119cfa8f04296693
SHA512

f079d1bca753213f2bc7f7ea32cde4e30e90f5489bb1154ced7ac79240f03bc0a5c741cef49c43ca5a404de456ae362e0da5ad03233c693f4e58ac7799587610
SSDEEP

3072:zESekeILTS/DvG5PgP6l7a4Aye6NTKkWffMB4jh/PkK4n:oWL0Dv+ZRHA3WKD3zj

Score

10^/10

smokeloader backdoor trojan

Static task

static1

Behavioral task

behavioral1

Sample

619c251b0afe76433b7bb1800dd003ff05262dde38ebb0a3119cfa8f04296693.exe

Resource

win10-20220812-en

smokeloader backdoor trojan

windows10-1703-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  619c251b0afe76433b7bb1800dd003ff05262dde38ebb0a3119cfa8f04296693
- Size
  
  187KB
- MD5
  
  0faa76cbfb5c738b96b2645ea3c04b7f
- SHA1
  
  386d3ac01443963f8592d00e1fce64c92cf814de
- SHA256
  
  619c251b0afe76433b7bb1800dd003ff05262dde38ebb0a3119cfa8f04296693
- SHA512
  
  f079d1bca753213f2bc7f7ea32cde4e30e90f5489bb1154ced7ac79240f03bc0a5c741cef49c43ca5a404de456ae362e0da5ad03233c693f4e58ac7799587610
- SSDEEP
  
  3072:zESekeILTS/DvG5PgP6l7a4Aye6NTKkWffMB4jh/PkK4n:oWL0Dv+ZRHA3WKD3zj
Score

10^/10

smokeloader backdoor trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

© 2018-2025

Terms | Privacy