smokeloader | 1542792963dcb975b705dc41b63415aa27a686eee36ebfb1df7138134eaff246 | Triage

Sharing

General

Target

04d85ed0df5a4e1ecb16d8dfa296d5aaa9654b2a39730cb265d0cf684311ecb1
Size

115KB
Sample

221127-2pgfpahh9x
MD5

cd4d425bf3678de04757f60adc4223db
SHA1

6a1876f6053eec4f0d2c1a23b658e6da9604ce21
SHA256

1542792963dcb975b705dc41b63415aa27a686eee36ebfb1df7138134eaff246
SHA512

ff7eb487c9de22aedf9940a1818b2f7a5ac9e7f65b38136317252c1224b7d4a531f97bcb3debc4cebc030b1bfec5a501b75e6be6be0930c9aa4f72d401925313
SSDEEP

3072:+TXD2BcsAOiM9DINzq6qSKvFDXUPNYG3t7CNOJDsfhqWFDZD7o9O:eXecsAK90NzXoC1YqCOsfhqWDIO

Score

10^/10

smokeloader backdoor trojan

Malware Config

Targets

- Target
  
  04d85ed0df5a4e1ecb16d8dfa296d5aaa9654b2a39730cb265d0cf684311ecb1
- Size
  
  167KB
- MD5
  
  69780ca3e35643f69b0e2d6a4cde8130
- SHA1
  
  15a3ed86e6dabf55bf2df41bf37b7dcac8611104
- SHA256
  
  04d85ed0df5a4e1ecb16d8dfa296d5aaa9654b2a39730cb265d0cf684311ecb1
- SHA512
  
  5f68a3e3ccbb64073f64c5ca2664faa964d0ef12d7f9482b4153a394c30ea1faade4caadf0254920718d47aaa783274f9b3f919f698745869d970abb150c68e0
- SSDEEP
  
  3072:OtBdw5VsGu2CERRS5hKJBdCcssg6cHuRvHF:i4CG8ERxBdCeg6cO
Score

10^/10

smokeloader backdoor trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan