smokeloader | ed14486603cc232368e9b0650bd90163bbeec4f068aa4722926b0c4bf8683335 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

356c1b7171...36.exe

windows7-x64

356c1b7171...36.exe

windows10-2004-x64

Sharing

General

Target

356c1b7171d6aba40a1dd434d6a4b1ea810847be9b741d23c3be72aef4e1a036
Size

176KB
Sample

221206-bmwvgsea78
MD5

14fe2c844616c7685a3a2601c7884794
SHA1

3d00e6dc7dd4ccd82bf0b4e74cc9b797647b4c7e
SHA256

ed14486603cc232368e9b0650bd90163bbeec4f068aa4722926b0c4bf8683335
SHA512

804cd9d2b980cbf6b5645ca149076757d571f6975e0ae601cb2cef808549505f6f8bf44fef0a2c87c58b026b04e57a98d2e15c8dcb62f2856d6d513f941ec32a
SSDEEP

3072:Rmor9OlCc02OA83aBFMaHl4eIwJ+6+Owsbe7blHf8SZeZaEmX+bPaQoVARETb/C:IorgCc02OArBSeIlawF/ZeZDZboVAREa

Score

10^/10

smokeloader backdoor collection discovery spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

356c1b7171d6aba40a1dd434d6a4b1ea810847be9b741d23c3be72aef4e1a036.exe

Resource

win7-20221111-en

smokeloader backdoor trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

356c1b7171d6aba40a1dd434d6a4b1ea810847be9b741d23c3be72aef4e1a036.exe

Resource

win10v2004-20220901-en

smokeloader backdoor collection discovery spyware stealer trojan

windows10-2004-x64

28 signatures

150 seconds

Malware Config

Targets

- Target
  
  356c1b7171d6aba40a1dd434d6a4b1ea810847be9b741d23c3be72aef4e1a036
- Size
  
  274KB
- MD5
  
  9b06106ec7ddfd36fe6092c40dd042d7
- SHA1
  
  b966830e4ff4cfb180810f4bf461cbab1c42be61
- SHA256
  
  356c1b7171d6aba40a1dd434d6a4b1ea810847be9b741d23c3be72aef4e1a036
- SHA512
  
  e48b1d47ac5af6a8602d59083e206113c774b2b06af0a3a21cdebb120f4511c1dcdec801e0352bda1e872c924c99cd8c41316cf45cc8c2cb77c508b7085443ef
- SSDEEP
  
  6144:8ZexVJOnbkxGFPKKK4awFYh5wIDcudniiJVS:8clMbaGLa7DcudniiJVS
Score

10^/10

smokeloader backdoor trojan collection discovery spyware stealer
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoorcollectiondiscoveryspywarestealertrojan

© 2018-2025

Terms | Privacy