smokeloader | cf0cf736b31c2d85f7244ac7dae4fc7a99f6ceb5d60b61c8ba561f88666ff11c | Triage

Sharing

General

Target

cf0cf736b31c2d85f7244ac7dae4fc7a99f6ceb5d60b61c8ba561f88666ff11c
Size

186KB
Sample

221123-qz9dnsfc85
MD5

1c43b81b8e22e239b8e68bd9c4b18c76
SHA1

728f5e321f8f39beb17afc5849e9cabd0ba98ce2
SHA256

cf0cf736b31c2d85f7244ac7dae4fc7a99f6ceb5d60b61c8ba561f88666ff11c
SHA512

63588ef97306313c76517f04d63523e655134b79abd8571db327b6f68e5c0ca6db7a7a914ae8771f0d59aaa2319311cc386724272ffe1644aad3a1c85dab690f
SSDEEP

3072:RehowRAeFdmLS0nWCIs5Skhwu3zB61Xa0CwShXTdSng4lfeVm:AhqLS0nNbhbWqqShXxSnggeV

Score

10^/10

smokeloader backdoor trojan

Malware Config

Targets

- Target
  
  cf0cf736b31c2d85f7244ac7dae4fc7a99f6ceb5d60b61c8ba561f88666ff11c
- Size
  
  186KB
- MD5
  
  1c43b81b8e22e239b8e68bd9c4b18c76
- SHA1
  
  728f5e321f8f39beb17afc5849e9cabd0ba98ce2
- SHA256
  
  cf0cf736b31c2d85f7244ac7dae4fc7a99f6ceb5d60b61c8ba561f88666ff11c
- SHA512
  
  63588ef97306313c76517f04d63523e655134b79abd8571db327b6f68e5c0ca6db7a7a914ae8771f0d59aaa2319311cc386724272ffe1644aad3a1c85dab690f
- SSDEEP
  
  3072:RehowRAeFdmLS0nWCIs5Skhwu3zB61Xa0CwShXTdSng4lfeVm:AhqLS0nNbhbWqqShXxSnggeV
Score

10^/10

smokeloader backdoor trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan