smokeloader | 85e09e81ee9b65697d029a74b6ca5de8777b5a487edf17cedcb76f3fd90e5ad3 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

85e09e81ee9b65697d029a74b6ca5de8777b5a487edf17cedcb76f3fd90e5ad3
Size

271KB
Sample

221010-j6swyabdal
MD5

47ced11f0a75aa0d10517242cd876b4d
SHA1

bc5a3a03183d247c3cbe863fa265f32d9bcd0302
SHA256

85e09e81ee9b65697d029a74b6ca5de8777b5a487edf17cedcb76f3fd90e5ad3
SHA512

bf884dc94fe5c0cbe667cb811af93f1ef006603fcc997912a4b17a352df340aa73e9e9092494d2bc14c9c5dfca825fbe1d918c59ac2de94a03a59fb28722dcd6
SSDEEP

3072:dXhGJT2W0iUOtPtO5VoUrtp3fIUYGGuGEF0T1M/h3qpZa9uD6VdyhkhUuS:ZUiYPtEp3fI7T1rwVfquS

Score

10^/10

smokeloader backdoor discovery spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

85e09e81ee9b65697d029a74b6ca5de8777b5a487edf17cedcb76f3fd90e5ad3.exe

Resource

win10v2004-20220812-en

smokeloader backdoor discovery spyware stealer trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  85e09e81ee9b65697d029a74b6ca5de8777b5a487edf17cedcb76f3fd90e5ad3
- Size
  
  271KB
- MD5
  
  47ced11f0a75aa0d10517242cd876b4d
- SHA1
  
  bc5a3a03183d247c3cbe863fa265f32d9bcd0302
- SHA256
  
  85e09e81ee9b65697d029a74b6ca5de8777b5a487edf17cedcb76f3fd90e5ad3
- SHA512
  
  bf884dc94fe5c0cbe667cb811af93f1ef006603fcc997912a4b17a352df340aa73e9e9092494d2bc14c9c5dfca825fbe1d918c59ac2de94a03a59fb28722dcd6
- SSDEEP
  
  3072:dXhGJT2W0iUOtPtO5VoUrtp3fIUYGGuGEF0T1M/h3qpZa9uD6VdyhkhUuS:ZUiYPtEp3fI7T1rwVfquS
Score

10^/10

smokeloader backdoor discovery spyware stealer trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Web Service

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoordiscoveryspywarestealertrojan

© 2018-2025

Terms | Privacy