smokeloader | 58c04b9758f0220d02505f2e4b2de3226b8ca1b85ff3188775ac1d17f7802ec0 | Triage

Sharing

General

Target

200908-p5f4c5cdzj_pw_infected.zip
Size

90KB
Sample

221125-r5p3naee62
MD5

b2402d911da1718ed84939b4e731cac1
SHA1

b8d6b7ab5a100fe8ea8eaf7f3af798f0092c989a
SHA256

58c04b9758f0220d02505f2e4b2de3226b8ca1b85ff3188775ac1d17f7802ec0
SHA512

0ae0050e315e3ba5fc3c2ee0381528387dde9a4c766c8e51fafc0c6bc18b15c60dac8e768dfd66afd93d1c165e73a57138204e22933b597b3ca3aa5368117748
SSDEEP

1536:aVxw3e4TNRE28zIDFMo9ZPs47M/jes+WLf706+GO10BKWZYQHozKEshGUAbv/T5e:l33Na28zIDaK5w/qsfUoysfYQHUsgUAQ

Score

10^/10

smokeloader backdoor trojan

Malware Config

Targets

- Target
  
  23bef893e3af7cb49dc5ae0a14452ed781f841db7397dc3ebb689291fd701b6b
- Size
  
  154KB
- MD5
  
  91879bdd73625ac38c31fe5225310e92
- SHA1
  
  a007b979483ee6b57b93a11340932a60f5781570
- SHA256
  
  23bef893e3af7cb49dc5ae0a14452ed781f841db7397dc3ebb689291fd701b6b
- SHA512
  
  22678f18385ed177ed34cac52fc8667c6d6cdc2953b1818a6e530411894aa6947b04408320137af8ebd5b1d6d733f374a1d962608e0e6c234e5a43b89fe9de3c
- SSDEEP
  
  1536:nlLo/0V9TwAYS++Lx5tvFX2kmso2zJxnuOdwjMqruAEaj/qFmCfRWzvg7xYQJ8G:lLo/0V2kt3PBqQIyfRS46QJ8
Score

10^/10

smokeloader backdoor trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan