smokeloader | c6812476246b106c15cd26d2264fbf7fb354de2f630a36e205c2690bdef48ff0 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

c6812476246b106c15cd26d2264fbf7fb354de2f630a36e205c2690bdef48ff0
Size

186KB
Sample

221123-syw33aff6w
MD5

46fb5f3380d5e7e5acf4c9848ac43338
SHA1

13b2ec7f1b7fb05b5b4bb7cc600941a99a9142a5
SHA256

c6812476246b106c15cd26d2264fbf7fb354de2f630a36e205c2690bdef48ff0
SHA512

3e8371e91ecb43320ed5a2446ff6e88b2b07e660bb1b8d57fb7aceda1d9991cf1cca00229e808146547f9a2b32ea80bdc9656103ac2e3a04d2c8812770d9185a
SSDEEP

3072:rqKyrvjBo4YLNbQWf8pk5VBS6iWboEIhOVG//I4mJ:rxyZolLNbQo8aicplVGXIt

Score

10^/10

smokeloader backdoor trojan

Static task

static1

Behavioral task

behavioral1

Sample

c6812476246b106c15cd26d2264fbf7fb354de2f630a36e205c2690bdef48ff0.exe

Resource

win10v2004-20221111-en

smokeloader backdoor trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  c6812476246b106c15cd26d2264fbf7fb354de2f630a36e205c2690bdef48ff0
- Size
  
  186KB
- MD5
  
  46fb5f3380d5e7e5acf4c9848ac43338
- SHA1
  
  13b2ec7f1b7fb05b5b4bb7cc600941a99a9142a5
- SHA256
  
  c6812476246b106c15cd26d2264fbf7fb354de2f630a36e205c2690bdef48ff0
- SHA512
  
  3e8371e91ecb43320ed5a2446ff6e88b2b07e660bb1b8d57fb7aceda1d9991cf1cca00229e808146547f9a2b32ea80bdc9656103ac2e3a04d2c8812770d9185a
- SSDEEP
  
  3072:rqKyrvjBo4YLNbQWf8pk5VBS6iWboEIhOVG//I4mJ:rxyZolLNbQo8aicplVGXIt
Score

10^/10

smokeloader backdoor trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

© 2018-2024

Terms | Privacy