smokeloader | 2eb013b595235d1c83f88c303c29ca5e380af3a22c60aaf29114ce54e637425c | Triage

Submit
Reports

Overview

overview

Static

static

0646e0137c...94.exe

windows7-x64

0646e0137c...94.exe

windows10-2004-x64

Sharing

General

Target

0646e0137c7eb1695c108babd0a629c8b1fab606d8cd573292c3e9969c031c94
Size

105KB
Sample

221129-1q3jwaed3s
MD5

f383393f704d0de888d6cec5c9995b0e
SHA1

28538491c693e02c97eb94730a1396ba2f5fb2e9
SHA256

2eb013b595235d1c83f88c303c29ca5e380af3a22c60aaf29114ce54e637425c
SHA512

6fd40aaffd7fe2cd8663808017d3594819b2b63b218b45e8d04529c0c59092288f9be69ae3acf81329c37dde4f0da69140df9913105323ef091d7bc80ff89c7c
SSDEEP

1536:l0q445fPIkF/sOxMti+5pYL+38iuKUE+7+vvF0jAnN9NDnys+ojvRaunwHCh6TwJ:ldv5fQanMxpY7KUEW+vKknNvnTpRPV1P

Score

10^/10

smokeloader backdoor trojan

Static task

static1

Behavioral task

behavioral1

Sample

0646e0137c7eb1695c108babd0a629c8b1fab606d8cd573292c3e9969c031c94.exe

Resource

win7-20221111-en

smokeloader backdoor trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

0646e0137c7eb1695c108babd0a629c8b1fab606d8cd573292c3e9969c031c94.exe

Resource

win10v2004-20220812-en

smokeloader backdoor trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  0646e0137c7eb1695c108babd0a629c8b1fab606d8cd573292c3e9969c031c94
- Size
  
  147KB
- MD5
  
  a2cc54af7dfb0168fb124fe51b835011
- SHA1
  
  708b5e47fc20c187d71398950aac8af20a175db4
- SHA256
  
  0646e0137c7eb1695c108babd0a629c8b1fab606d8cd573292c3e9969c031c94
- SHA512
  
  deeea29354f729cce56d238afc37f477e33b3fe881c8fdd8e708c911d29a6584040dc5fb01c8de8b10c7578d70942440c96350cf5722a1d4bf6d80a20ef06e24
- SSDEEP
  
  1536:XeszPydyBhTVMcZFkj6n0iPCMS5Np5nkeUXTd/j6oUd/lTwb19f/LIV08zdR/J:usDFEvauv5QDd/j6vd/lTUH8Jzz
Score

10^/10

smokeloader backdoor trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan

© 2018-2024

Terms | Privacy