smokeloader | 8db8828c288716a77908e48454765eb6a1fcd94ff1ba620c3295c80307934fdf | Triage

Sharing

General

Target

8db8828c288716a77908e48454765eb6a1fcd94ff1ba620c3295c80307934fdf
Size

151KB
Sample

221127-wq3sesge25
MD5

fdf4e34e1dec16cf394670450b605506
SHA1

310d15fe6b60c675d77bf255f51d4723738bef67
SHA256

8db8828c288716a77908e48454765eb6a1fcd94ff1ba620c3295c80307934fdf
SHA512

abcca97aca7007e60b9ded9c5565d89b757ac8ac1f4317475a553d6795137a424f44fdd62d8de565e512ac52482af090465e9a590689e3f156be54ed32a26edb
SSDEEP

3072:25dPwqg43yjc8eFaCWw5XT25K2+C9ggR6bgraahtN4i:Kz3n8QaC+5K1CGgR6WaahtGi

Score

10^/10

smokeloader backdoor trojan

Malware Config

Targets

- Target
  
  8db8828c288716a77908e48454765eb6a1fcd94ff1ba620c3295c80307934fdf
- Size
  
  151KB
- MD5
  
  fdf4e34e1dec16cf394670450b605506
- SHA1
  
  310d15fe6b60c675d77bf255f51d4723738bef67
- SHA256
  
  8db8828c288716a77908e48454765eb6a1fcd94ff1ba620c3295c80307934fdf
- SHA512
  
  abcca97aca7007e60b9ded9c5565d89b757ac8ac1f4317475a553d6795137a424f44fdd62d8de565e512ac52482af090465e9a590689e3f156be54ed32a26edb
- SSDEEP
  
  3072:25dPwqg43yjc8eFaCWw5XT25K2+C9ggR6bgraahtN4i:Kz3n8QaC+5K1CGgR6WaahtGi
Score

10^/10

smokeloader backdoor trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Deletes itself
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan