smokeloader | 53e91aa8e47dc26f0289b1800aa76bafe0b8274e99585d91e2da679d8353d6a3 | Triage

Sharing

General

Target

c3b0bf7d0c11b5b2cf88a5a05879c649.exe
Size

146KB
Sample

221006-jcdj6agfc2
MD5

c3b0bf7d0c11b5b2cf88a5a05879c649
SHA1

063791ec150bdc93c5af7768cc0deabec1aafebc
SHA256

53e91aa8e47dc26f0289b1800aa76bafe0b8274e99585d91e2da679d8353d6a3
SHA512

f0bd7f97b1c1be55da42a8c5eb644330806c7021765c78ae0780374ce02432334d3379b1198d0590a1ea2fd3bc43fcc0c713a06a9a5d3be9fc5d4fe4e8ab6416
SSDEEP

1536:aJ2AD/fxK+FT+BN2++t4Bj8BkzCTl8XYiDraPCMu1iP+oo3r0ov1piQOuwluhOi:aJ2ADBlb++GB/2Tl8kCfXRZ4uhO

Score

10^/10

smokeloader backdoor trojan

Malware Config

Targets

- Target
  
  c3b0bf7d0c11b5b2cf88a5a05879c649.exe
- Size
  
  146KB
- MD5
  
  c3b0bf7d0c11b5b2cf88a5a05879c649
- SHA1
  
  063791ec150bdc93c5af7768cc0deabec1aafebc
- SHA256
  
  53e91aa8e47dc26f0289b1800aa76bafe0b8274e99585d91e2da679d8353d6a3
- SHA512
  
  f0bd7f97b1c1be55da42a8c5eb644330806c7021765c78ae0780374ce02432334d3379b1198d0590a1ea2fd3bc43fcc0c713a06a9a5d3be9fc5d4fe4e8ab6416
- SSDEEP
  
  1536:aJ2AD/fxK+FT+BN2++t4Bj8BkzCTl8XYiDraPCMu1iP+oo3r0ov1piQOuwluhOi:aJ2ADBlb++GB/2Tl8kCfXRZ4uhO
Score

10^/10

smokeloader backdoor trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan