smokeloader | 233f32a1131caba4bfc7acd3dcde443d227c05c4352c39055838e4ec41ab1fd6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

233f32a1131caba4bfc7acd3dcde443d227c05c4352c39055838e4ec41ab1fd6
Size

145KB
Sample

221006-lgbbpsggh7
MD5

3a380c0c5f91f907156d3029c264af0b
SHA1

83c07cf5854ed5d1d388ca8817c488b9042d3754
SHA256

233f32a1131caba4bfc7acd3dcde443d227c05c4352c39055838e4ec41ab1fd6
SHA512

13613800cc21ab396bd06ff60339cfd8b8a43a8c1bede682448335c85df7cc7a65bd8bf22a41de57ded0204f99a63ce03c549f6179d1565abcef8af4e97a1ad5
SSDEEP

3072:pvA9xaCGljB+e95AhK0x2lW6QWVNstCEKkLyOO:RCaCGlL95AzxPWwCZkLyO

Score

10^/10

smokeloader backdoor trojan

Malware Config

Targets

- Target
  
  233f32a1131caba4bfc7acd3dcde443d227c05c4352c39055838e4ec41ab1fd6
- Size
  
  145KB
- MD5
  
  3a380c0c5f91f907156d3029c264af0b
- SHA1
  
  83c07cf5854ed5d1d388ca8817c488b9042d3754
- SHA256
  
  233f32a1131caba4bfc7acd3dcde443d227c05c4352c39055838e4ec41ab1fd6
- SHA512
  
  13613800cc21ab396bd06ff60339cfd8b8a43a8c1bede682448335c85df7cc7a65bd8bf22a41de57ded0204f99a63ce03c549f6179d1565abcef8af4e97a1ad5
- SSDEEP
  
  3072:pvA9xaCGljB+e95AhK0x2lW6QWVNstCEKkLyOO:RCaCGlL95AzxPWwCZkLyO
Score

10^/10

smokeloader backdoor trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan