smokeloader | aa70786992be553b0e51e5bc98c1ad2d60b3c99bd1e16493648593123a9cdc88 | Triage

Sharing

General

Target

aa70786992be553b0e51e5bc98c1ad2d60b3c99bd1e16493648593123a9cdc88
Size

285KB
Sample

221106-n9kf7aafc6
MD5

aa2c8fe55e1902026dd62ae5080685a8
SHA1

60be5aa666e26e9de0ee6dcbea45d0612e12f8c9
SHA256

aa70786992be553b0e51e5bc98c1ad2d60b3c99bd1e16493648593123a9cdc88
SHA512

8d6cd4e4734d59bc51a3a786831c9fceae9ceb7c2505ec8c04eb41e062d65ed09e55ad231fb61907ff6b5bd0efc1e6a5d3a83c2720f85b46b6778b8f8c214b78
SSDEEP

3072:KqZ5WYin2CHThT5bqhRjywexBkuKUNg8MgY3IMjK/Yl:7Vi5H9tIexBkuJNg8MpHW/Yl

Score

10^/10

smokeloader backdoor trojan

Malware Config

Targets

- Target
  
  aa70786992be553b0e51e5bc98c1ad2d60b3c99bd1e16493648593123a9cdc88
- Size
  
  285KB
- MD5
  
  aa2c8fe55e1902026dd62ae5080685a8
- SHA1
  
  60be5aa666e26e9de0ee6dcbea45d0612e12f8c9
- SHA256
  
  aa70786992be553b0e51e5bc98c1ad2d60b3c99bd1e16493648593123a9cdc88
- SHA512
  
  8d6cd4e4734d59bc51a3a786831c9fceae9ceb7c2505ec8c04eb41e062d65ed09e55ad231fb61907ff6b5bd0efc1e6a5d3a83c2720f85b46b6778b8f8c214b78
- SSDEEP
  
  3072:KqZ5WYin2CHThT5bqhRjywexBkuKUNg8MgY3IMjK/Yl:7Vi5H9tIexBkuJNg8MpHW/Yl
Score

10^/10

smokeloader backdoor trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Deletes itself
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan