smokeloader | 424e38aef866b35155b098f315ac1bb00ae6550b2856f5b47667ed859cf236f0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

424e38aef866b35155b098f315ac1bb00ae6550b2856f5b47667ed859cf236f0
Size

168KB
Sample

221125-x6fhhaaa66
MD5

9831ca5d7052b34c78fd323a2e557fd3
SHA1

33cc39182abfe7f2c777fa7c5faa52b8e30b7f63
SHA256

424e38aef866b35155b098f315ac1bb00ae6550b2856f5b47667ed859cf236f0
SHA512

c54d3f26d05b89058d3f3fc7fa830aaf81e21faa9103030347d14bb30638502be0f96c4dffbaf0cb383e158487190ebe98a4db0f73a6de907d30b20800a09e11
SSDEEP

3072:rjN9fE1GTK5KS5kuh/wu9hzguRVVgitpb4IQ40:Ps16K5N/T9hcuRVuUd

Score

10^/10

smokeloader backdoor trojan

Malware Config

Targets

- Target
  
  424e38aef866b35155b098f315ac1bb00ae6550b2856f5b47667ed859cf236f0
- Size
  
  168KB
- MD5
  
  9831ca5d7052b34c78fd323a2e557fd3
- SHA1
  
  33cc39182abfe7f2c777fa7c5faa52b8e30b7f63
- SHA256
  
  424e38aef866b35155b098f315ac1bb00ae6550b2856f5b47667ed859cf236f0
- SHA512
  
  c54d3f26d05b89058d3f3fc7fa830aaf81e21faa9103030347d14bb30638502be0f96c4dffbaf0cb383e158487190ebe98a4db0f73a6de907d30b20800a09e11
- SSDEEP
  
  3072:rjN9fE1GTK5KS5kuh/wu9hzguRVVgitpb4IQ40:Ps16K5N/T9hcuRVuUd
Score

10^/10

smokeloader backdoor trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan