smokeloader | 7baa3d4e565b0b61108e6aaaa65be7789813c231a17ff03c7517a902621c4327 | Triage

Sharing

General

Target

47171e3799f52d615fad73e268f6c6756d8945842f4523a97a10c4923d52b1eb
Size

176KB
Sample

221207-adj9nagc84
MD5

ebbb59a184c2d94fa20d406623966807
SHA1

2e607bffaa92c97f74f92ecac3a2c08178108763
SHA256

7baa3d4e565b0b61108e6aaaa65be7789813c231a17ff03c7517a902621c4327
SHA512

9e758d5b172c26e6bbc6876c92c9ca98859b52858e79965e1d6e63d08f98a9dac9bb5450cd01380155c48ed9f60b687bc1aac4e3f4905ecdf5c7f1daf3742fc5
SSDEEP

3072:0JZfyz7Cg1qJcQbiee6ToZq27RxM+BM+aAlEUXhFwzyz9jxfCdnjwheYYo86+j:c5yvmbi5so7RO+BM+aAWF6xnheRZ6+j

Score

10^/10

smokeloader backdoor trojan

Malware Config

Targets

- Target
  
  47171e3799f52d615fad73e268f6c6756d8945842f4523a97a10c4923d52b1eb
- Size
  
  274KB
- MD5
  
  d2df0d4c570f73a9ca067931f2f5c153
- SHA1
  
  05fb1f712ebcfd89bed1064b30d33d60582ce019
- SHA256
  
  47171e3799f52d615fad73e268f6c6756d8945842f4523a97a10c4923d52b1eb
- SHA512
  
  37fb70dab8f8582dcd4de2c8d347144293af92b92be95af65d6ec48a1f7d5b8319e5eb2ca07f7608d2e8c75f3ad175343dab3ccb69d165e9da72873fc02ed6a6
- SSDEEP
  
  3072:3of2XVEyYnH1o0wYbmbJzFWn5Vvti8Tf2+aAlEUXhFw2viVRvJTcpKRQOvYgV2qZ:3ofeO1Q3bJzeVi8r2+aAW/2vIDcuVS
Score

10^/10

smokeloader backdoor trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan