smokeloader | fb4ff0ea4e2d42506aab15195e00b83441f97ee6c7d254d6b8e142b19697cbd1 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

SecuriteIn...06.exe

windows7-x64

7

SecuriteIn...06.exe

windows10-2004-x64

Sharing

General

Target

SecuriteInfo.com.W32.Trojan.UDXH-7640.14250.32506.exe
Size

194KB
Sample

221107-fppamscban
MD5

1f7c02bd3eb53ee754b0c67c74cceec0
SHA1

18e72b462474521a212c0b0ece294d89cfc9b3d7
SHA256

fb4ff0ea4e2d42506aab15195e00b83441f97ee6c7d254d6b8e142b19697cbd1
SHA512

4e81983e8058ccf3e966bb664c33a8f5910e34800a10105fb46448b3172c83c6af9aa55cf1ccd8458ca1ddf24717eb83c439f22f1ddc12dfd9265cc21dfdcacf
SSDEEP

6144:0Uj/wkaLFBG5XddZTnzFFoXEPkua5AxQbI:0qNm2BnzFbkuaB8

Score

10^/10

smokeloader backdoor collection discovery trojan

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.W32.Trojan.UDXH-7640.14250.32506.exe

Resource

win7-20220812-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.W32.Trojan.UDXH-7640.14250.32506.exe

Resource

win10v2004-20220812-en

smokeloader backdoor collection discovery trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  SecuriteInfo.com.W32.Trojan.UDXH-7640.14250.32506.exe
- Size
  
  194KB
- MD5
  
  1f7c02bd3eb53ee754b0c67c74cceec0
- SHA1
  
  18e72b462474521a212c0b0ece294d89cfc9b3d7
- SHA256
  
  fb4ff0ea4e2d42506aab15195e00b83441f97ee6c7d254d6b8e142b19697cbd1
- SHA512
  
  4e81983e8058ccf3e966bb664c33a8f5910e34800a10105fb46448b3172c83c6af9aa55cf1ccd8458ca1ddf24717eb83c439f22f1ddc12dfd9265cc21dfdcacf
- SSDEEP
  
  6144:0Uj/wkaLFBG5XddZTnzFFoXEPkua5AxQbI:0qNm2BnzFbkuaB8
Score

10^/10

discovery smokeloader backdoor collection trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

smokeloaderbackdoorcollectiondiscoverytrojan

© 2018-2025

Terms | Privacy