smokeloader | 355af6dfb2c07981ee763fe1e9e8b22a22ac51692a0e798b5d15497d50d4e434 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

fc4d449e54...f1.exe

windows7-x64

fc4d449e54...f1.exe

windows10-2004-x64

Sharing

General

Target

fc4d449e540c2adc6d3a7cfb175f72ca776cc38461d5c282db12fbe117f40cf1
Size

175KB
Sample

221206-cm9l1sbd9v
MD5

35dd4714a37e4c80e7d7475507d68520
SHA1

aa8005f63d869ad82f8909763600078b276a586a
SHA256

355af6dfb2c07981ee763fe1e9e8b22a22ac51692a0e798b5d15497d50d4e434
SHA512

8bec48c38a28cc91ad1fb389e5e722c5ad0d5295ec9650178103f4f7c8278ffe7d92e615e4c45b45464eb4f06ab5b43e18ac5e5f371ca0d6b230d99203d5691d
SSDEEP

3072:u5DAM5PEyqc0Q8L4jVdvGGCcpaGtracAdKuZsEhZMUHMqeBhzgo91pJuOda5FMYF:u5j5Pn7H8L4jrvGGCI8cAEuZsEhZMcMS

Score

10^/10

smokeloader backdoor trojan

Static task

static1

Behavioral task

behavioral1

Sample

fc4d449e540c2adc6d3a7cfb175f72ca776cc38461d5c282db12fbe117f40cf1.exe

Resource

win7-20220812-en

smokeloader backdoor trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

fc4d449e540c2adc6d3a7cfb175f72ca776cc38461d5c282db12fbe117f40cf1.exe

Resource

win10v2004-20220901-en

smokeloader backdoor trojan

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Targets

- Target
  
  fc4d449e540c2adc6d3a7cfb175f72ca776cc38461d5c282db12fbe117f40cf1
- Size
  
  273KB
- MD5
  
  09e920d56233fd77bed9d60ebce218c9
- SHA1
  
  6b55be6b3220c1740ef71825264f165069bda2c0
- SHA256
  
  fc4d449e540c2adc6d3a7cfb175f72ca776cc38461d5c282db12fbe117f40cf1
- SHA512
  
  58f1877996b893e0831a9a92d2a497c4fe156a9eda2f651282201f72d7c2761bed30cc876db5d55e359e927dd14038eb675e9a415c32f5c42e89017865d48580
- SSDEEP
  
  6144:Amp8hFuzquZsEhZMcMqeBhAqIDcF0JVS:AmpUFuzqkhZMcnoSDcF0JVS
Score

10^/10

smokeloader backdoor trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan

© 2018-2025

Terms | Privacy