smokeloader | 438aa9cc91d13dfa86644426b8f90be7f3302bbdbb70fcd71b3ede8c5ff9e464 | Triage

Submit
Reports

Overview

overview

Static

static

file.exe

windows7-x64

file.exe

windows10-2004-x64

Sharing

General

Target

file.exe
Size

186KB
Sample

221123-zwkqksdh87
MD5

212889c268e37fdf0052b3ec0e6dd6fe
SHA1

78037cf5caa71fb7ab0f9fa44b22dc988cfab2c0
SHA256

438aa9cc91d13dfa86644426b8f90be7f3302bbdbb70fcd71b3ede8c5ff9e464
SHA512

549c9adc2d0346162854d34aeea5d55490e071e64705c8549f8e41a18af75502bbf913afb095240380e748fe67a906c82115948f924f0aa33e1b9f1899d878b4
SSDEEP

3072:WkfRIWEJ/Fk2wLE4k3Vxj5RttJFtDQ5KMoupWGERWM:XfKwLE4iXbJFDhVGEg

Score

10^/10

smokeloader backdoor collection discovery spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

file.exe

Resource

win7-20220812-en

smokeloader backdoor trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v2004-20220812-en

smokeloader backdoor collection discovery spyware stealer trojan

windows10-2004-x64

26 signatures

150 seconds

Malware Config

Targets

- Target
  
  file.exe
- Size
  
  186KB
- MD5
  
  212889c268e37fdf0052b3ec0e6dd6fe
- SHA1
  
  78037cf5caa71fb7ab0f9fa44b22dc988cfab2c0
- SHA256
  
  438aa9cc91d13dfa86644426b8f90be7f3302bbdbb70fcd71b3ede8c5ff9e464
- SHA512
  
  549c9adc2d0346162854d34aeea5d55490e071e64705c8549f8e41a18af75502bbf913afb095240380e748fe67a906c82115948f924f0aa33e1b9f1899d878b4
- SSDEEP
  
  3072:WkfRIWEJ/Fk2wLE4k3Vxj5RttJFtDQ5KMoupWGERWM:XfKwLE4iXbJFDhVGEg
Score

10^/10

smokeloader backdoor trojan collection discovery spyware stealer
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoorcollectiondiscoveryspywarestealertrojan

© 2018-2025

Terms | Privacy