smokeloader | f1b1349d6b032e77485d468213f9e86e324d82769ea3638ae3761e536462640c | Triage

Submit
Reports

Overview

overview

Static

static

f1b1349d6b...0c.exe

windows7-x64

f1b1349d6b...0c.exe

windows10-2004-x64

Sharing

General

Target

f1b1349d6b032e77485d468213f9e86e324d82769ea3638ae3761e536462640c.exe
Size

351KB
Sample

221204-v13dzaaf76
MD5

eb496a5c11501b5f26b7e9a1c724e5ee
SHA1

544d09d8c1e1bf3ed001470bbaf3962bd549c63b
SHA256

f1b1349d6b032e77485d468213f9e86e324d82769ea3638ae3761e536462640c
SHA512

3b0d97f0803fcb964cb14906c6321ea4bb974b4ee515ce66cd914a85a2f57c2f8f75383939a373830c3af14e8618274992091101e006c1b826570db700652013
SSDEEP

6144:X47/Aje4pwcV1fVhX+/xbJnMW2RqnZT5Y:X4jAjxHYxbtMW3ZT5Y

Score

10^/10

smokeloader backdoor trojan

Static task

static1

Behavioral task

behavioral1

Sample

f1b1349d6b032e77485d468213f9e86e324d82769ea3638ae3761e536462640c.exe

Resource

win7-20221111-en

smokeloader backdoor trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

f1b1349d6b032e77485d468213f9e86e324d82769ea3638ae3761e536462640c.exe

Resource

win10v2004-20220812-en

smokeloader backdoor trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  f1b1349d6b032e77485d468213f9e86e324d82769ea3638ae3761e536462640c.exe
- Size
  
  351KB
- MD5
  
  eb496a5c11501b5f26b7e9a1c724e5ee
- SHA1
  
  544d09d8c1e1bf3ed001470bbaf3962bd549c63b
- SHA256
  
  f1b1349d6b032e77485d468213f9e86e324d82769ea3638ae3761e536462640c
- SHA512
  
  3b0d97f0803fcb964cb14906c6321ea4bb974b4ee515ce66cd914a85a2f57c2f8f75383939a373830c3af14e8618274992091101e006c1b826570db700652013
- SSDEEP
  
  6144:X47/Aje4pwcV1fVhX+/xbJnMW2RqnZT5Y:X4jAjxHYxbtMW3ZT5Y
Score

10^/10

smokeloader backdoor trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan

© 2018-2024

Terms | Privacy