smokeloader | d5abf8a29fa94b3c6555eaf42b2ef20a8710c016e99cd52ea8d974951fb94cfb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d5abf8a29fa94b3c6555eaf42b2ef20a8710c016e99cd52ea8d974951fb94cfb
Size

146KB
Sample

221003-pa6qtaegh9
MD5

678694f6bfd82c14de5ce085bfa82a1b
SHA1

f940baa4b42f44e58f2db96a376a2d4a41ab279e
SHA256

d5abf8a29fa94b3c6555eaf42b2ef20a8710c016e99cd52ea8d974951fb94cfb
SHA512

641606107665a11b7cc6d49a15a949de9bd213e09df6dc09c7b12d0f2ee2a47a9ea2152a408865fcb052c7619562f6abab8641daa88f6fb49a80e3093c7e6b3e
SSDEEP

3072:RSiF5KssZCLKBzz4ytUV3eWmd8e4q8zcKUSMgSDe:RSNgYz4wUNehHUnk

Score

10^/10

smokeloader backdoor trojan

Malware Config

Targets

- Target
  
  d5abf8a29fa94b3c6555eaf42b2ef20a8710c016e99cd52ea8d974951fb94cfb
- Size
  
  146KB
- MD5
  
  678694f6bfd82c14de5ce085bfa82a1b
- SHA1
  
  f940baa4b42f44e58f2db96a376a2d4a41ab279e
- SHA256
  
  d5abf8a29fa94b3c6555eaf42b2ef20a8710c016e99cd52ea8d974951fb94cfb
- SHA512
  
  641606107665a11b7cc6d49a15a949de9bd213e09df6dc09c7b12d0f2ee2a47a9ea2152a408865fcb052c7619562f6abab8641daa88f6fb49a80e3093c7e6b3e
- SSDEEP
  
  3072:RSiF5KssZCLKBzz4ytUV3eWmd8e4q8zcKUSMgSDe:RSNgYz4wUNehHUnk
Score

10^/10

smokeloader backdoor trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Deletes itself
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan