smokeloader | 71fa869efa924ab2112f97f4eeaee7062bddd34811ea29a8bb406047f08f9fc0 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

71fa869efa924ab2112f97f4eeaee7062bddd34811ea29a8bb406047f08f9fc0
Size

227KB
Sample

221221-pnh7nscc46
MD5

a9f127a12daffee261db244461d88d4d
SHA1

87c3daaeb52d3752cfe2490f2bd50fa4aa662c18
SHA256

71fa869efa924ab2112f97f4eeaee7062bddd34811ea29a8bb406047f08f9fc0
SHA512

d841a8164fed58f455ee035ff88bd42414af7ca1865b9e72ab79601b91d9f9752786020eeaea543dce9048431dd0270dc6ec146121a28f66f163a08b5e7ee522
SSDEEP

6144:5GtLRU8PORjhRzo53oTqW85sbqkfeRu4:ItKKgjno53cb68

Score

10^/10

smokeloader backdoor collection discovery spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

71fa869efa924ab2112f97f4eeaee7062bddd34811ea29a8bb406047f08f9fc0.exe

Resource

win10v2004-20220812-en

smokeloader backdoor collection discovery spyware stealer trojan

windows10-2004-x64

32 signatures

150 seconds

Malware Config

Targets

- Target
  
  71fa869efa924ab2112f97f4eeaee7062bddd34811ea29a8bb406047f08f9fc0
- Size
  
  227KB
- MD5
  
  a9f127a12daffee261db244461d88d4d
- SHA1
  
  87c3daaeb52d3752cfe2490f2bd50fa4aa662c18
- SHA256
  
  71fa869efa924ab2112f97f4eeaee7062bddd34811ea29a8bb406047f08f9fc0
- SHA512
  
  d841a8164fed58f455ee035ff88bd42414af7ca1865b9e72ab79601b91d9f9752786020eeaea543dce9048431dd0270dc6ec146121a28f66f163a08b5e7ee522
- SSDEEP
  
  6144:5GtLRU8PORjhRzo53oTqW85sbqkfeRu4:ItKKgjno53cb68
Score

10^/10

smokeloader backdoor collection discovery spyware stealer trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoorcollectiondiscoveryspywarestealertrojan

© 2018-2025

Terms | Privacy