smokeloader | 59882f450d336a3e79d445838b533a8439aa9f2a826ceaf5d5b0a30b52630037 | Triage

Sharing

General

Target

59882f450d336a3e79d445838b533a8439aa9f2a826ceaf5d5b0a30b52630037
Size

340KB
Sample

221101-xmwelsfahq
MD5

367dd41dcc8e9cc5fc4fcfbc7789928a
SHA1

b0404a85759b3137b6e1964bbf086d3638820ea0
SHA256

59882f450d336a3e79d445838b533a8439aa9f2a826ceaf5d5b0a30b52630037
SHA512

f7f4b3cf095ab2aa3ba6f218de9d3151e6a8637abc7ab41c6daf31b0c0ffa6c0839e241091f7a6be485dc87b4a90b22b868c359acd3c52f28db5edf50ac059d8
SSDEEP

6144:/nuljzpf0vFNR2QrqVYmf+Fe/pLX07ITsq:/nqzpf0vjrjEw7

Score

10^/10

smokeloader backdoor trojan

Malware Config

Targets

- Target
  
  59882f450d336a3e79d445838b533a8439aa9f2a826ceaf5d5b0a30b52630037
- Size
  
  340KB
- MD5
  
  367dd41dcc8e9cc5fc4fcfbc7789928a
- SHA1
  
  b0404a85759b3137b6e1964bbf086d3638820ea0
- SHA256
  
  59882f450d336a3e79d445838b533a8439aa9f2a826ceaf5d5b0a30b52630037
- SHA512
  
  f7f4b3cf095ab2aa3ba6f218de9d3151e6a8637abc7ab41c6daf31b0c0ffa6c0839e241091f7a6be485dc87b4a90b22b868c359acd3c52f28db5edf50ac059d8
- SSDEEP
  
  6144:/nuljzpf0vFNR2QrqVYmf+Fe/pLX07ITsq:/nqzpf0vjrjEw7
Score

10^/10

smokeloader backdoor trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Deletes itself
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan