smokeloader | 148c355248a60d82e5bbe397903d233ebb63b12cc0e2614285ac2a33e29fd1b5 | Triage

Submit
Reports

Overview

overview

Static

static

5b3bf042e0...16.exe

windows7-x64

5b3bf042e0...16.exe

windows10-2004-x64

Sharing

General

Target

5b3bf042e0715803aac90a52aaa425b826a48ea2478138c57512fd87e323d316
Size

105KB
Sample

221129-2cq5csge3z
MD5

0b860963060cc1b6cfcdfb5998a1224f
SHA1

05c47be01b1b673f21611ba0bf0a623f0f9badb6
SHA256

148c355248a60d82e5bbe397903d233ebb63b12cc0e2614285ac2a33e29fd1b5
SHA512

d94cfea5bb1af0345bc614e4a0f31da724bca621f7c31a754bca37daa78906bba58a16f168233a4b6eb3b448d877d196382f02f04342c033c92af72895912e84
SSDEEP

3072:x3hX6ZYpeEZ8xjfO1OIsfOyt8ZUAWayyNTT:vqSxZUjfO1Obm8gUAWayqTT

Score

10^/10

smokeloader backdoor spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

5b3bf042e0715803aac90a52aaa425b826a48ea2478138c57512fd87e323d316.exe

Resource

win7-20220901-en

smokeloader backdoor trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

5b3bf042e0715803aac90a52aaa425b826a48ea2478138c57512fd87e323d316.exe

Resource

win10v2004-20221111-en

smokeloader backdoor spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  5b3bf042e0715803aac90a52aaa425b826a48ea2478138c57512fd87e323d316
- Size
  
  147KB
- MD5
  
  fc97fcaa8fc062962d1d8e1c124ce2fd
- SHA1
  
  8a2056907c85bd24560c2709e163085643e74c2e
- SHA256
  
  5b3bf042e0715803aac90a52aaa425b826a48ea2478138c57512fd87e323d316
- SHA512
  
  0799108b8713a3d405192fa5f542bb29b8a6f776486300a266090b12a23775793b5a774db7acde0e7739e21d99fd49b2cbb49dda7d55b99af268fb8913503f3c
- SSDEEP
  
  3072:H0MAu+SI6av5Oi11lX95MjZZ+TxTxiydHLVWFnE37:/N+H6jiJt2r+dTxi2LVcS
Score

10^/10

smokeloader backdoor trojan spyware stealer
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoorspywarestealertrojan

© 2018-2024

Terms | Privacy