smokeloader | 1bdd67ebc19bcd57fb4ce5ef4be548904d5c250548ea240632e6f61fed279644 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

1bdd67ebc19bcd57fb4ce5ef4be548904d5c250548ea240632e6f61fed279644
Size

133KB
Sample

221003-h4smqaedgl
MD5

834a70d97bac0a08a2c9e095ab365209
SHA1

8972e57640e647836e5a7015f527dcae7563d1a9
SHA256

1bdd67ebc19bcd57fb4ce5ef4be548904d5c250548ea240632e6f61fed279644
SHA512

87d32ef20dfd6830447a672b1cca4c9c0ed3dcd955f142223925df5e874e90fddea5b9962096fc3dba013ce08774828440c70608f1cc59a3d961dc5c59ebc97b
SSDEEP

1536:1BYS7S3Kocpj4pYABORhhzKtqh8/lIHQThOiyChyifFxxEDuoozfhT4Q04jlgHMv:1BYS7S3GyORgzNRTYCEqFEpqT40lWu

Score

10^/10

smokeloader backdoor trojan

Static task

static1

Behavioral task

behavioral1

Sample

1bdd67ebc19bcd57fb4ce5ef4be548904d5c250548ea240632e6f61fed279644.exe

Resource

win10v2004-20220812-en

smokeloader backdoor trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  1bdd67ebc19bcd57fb4ce5ef4be548904d5c250548ea240632e6f61fed279644
- Size
  
  133KB
- MD5
  
  834a70d97bac0a08a2c9e095ab365209
- SHA1
  
  8972e57640e647836e5a7015f527dcae7563d1a9
- SHA256
  
  1bdd67ebc19bcd57fb4ce5ef4be548904d5c250548ea240632e6f61fed279644
- SHA512
  
  87d32ef20dfd6830447a672b1cca4c9c0ed3dcd955f142223925df5e874e90fddea5b9962096fc3dba013ce08774828440c70608f1cc59a3d961dc5c59ebc97b
- SSDEEP
  
  1536:1BYS7S3Kocpj4pYABORhhzKtqh8/lIHQThOiyChyifFxxEDuoozfhT4Q04jlgHMv:1BYS7S3GyORgzNRTYCEqFEpqT40lWu
Score

10^/10

smokeloader backdoor trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

© 2018-2024

Terms | Privacy