smokeloader | da0419198761d8b8ea3bf722ceef96cf3b27ffc4467a915c3ee3c58cdc809547 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

da0419198761d8b8ea3bf722ceef96cf3b27ffc4467a915c3ee3c58cdc809547
Size

331KB
Sample

221222-j8x9fahc8z
MD5

3ef1b6606a77395968be5eee4a8b7d6e
SHA1

89a1d29d6563a3df44c80106d9e4a2aad9819f12
SHA256

da0419198761d8b8ea3bf722ceef96cf3b27ffc4467a915c3ee3c58cdc809547
SHA512

5b1fd819831cfc3d756a346b5a345cadbe37400bd61449bab9399f835376fd546ebd6882ab97e610d239d000103225c302772b1120162ab8a2f287c90c113a5d
SSDEEP

6144:xiX6LiIV2VboRHbL/5gU0WOnPAP9QwX61hJFIJfVAVrwU+:MqeI0bm7L/6Ul6AP9F6PHgtyQ

Score

10^/10

smokeloader backdoor collection discovery spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

da0419198761d8b8ea3bf722ceef96cf3b27ffc4467a915c3ee3c58cdc809547.exe

Resource

win10-20220812-en

smokeloader backdoor collection discovery spyware stealer trojan

windows10-1703-x64

27 signatures

150 seconds

Malware Config

Targets

- Target
  
  da0419198761d8b8ea3bf722ceef96cf3b27ffc4467a915c3ee3c58cdc809547
- Size
  
  331KB
- MD5
  
  3ef1b6606a77395968be5eee4a8b7d6e
- SHA1
  
  89a1d29d6563a3df44c80106d9e4a2aad9819f12
- SHA256
  
  da0419198761d8b8ea3bf722ceef96cf3b27ffc4467a915c3ee3c58cdc809547
- SHA512
  
  5b1fd819831cfc3d756a346b5a345cadbe37400bd61449bab9399f835376fd546ebd6882ab97e610d239d000103225c302772b1120162ab8a2f287c90c113a5d
- SSDEEP
  
  6144:xiX6LiIV2VboRHbL/5gU0WOnPAP9QwX61hJFIJfVAVrwU+:MqeI0bm7L/6Ul6AP9F6PHgtyQ
Score

10^/10

smokeloader backdoor collection discovery spyware stealer trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoorcollectiondiscoveryspywarestealertrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.