smokeloader | 57d57c0a8564dec73c5dfde1d20eb1c412eae4d69ff9b6c13164d2598c635319 | Triage

Submit
Reports

Overview

overview

Static

static

57d57c0a85...19.exe

windows7-x64

57d57c0a85...19.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

57d57c0a8564dec73c5dfde1d20eb1c412eae4d69ff9b6c13164d2598c635319
Size

30KB
Sample

221222-wv1tmaeh68
MD5

728cbb098020dfae32eef9756b17b4a9
SHA1

4ce2b91287009490ad2573346aedeb60cd9ca33e
SHA256

57d57c0a8564dec73c5dfde1d20eb1c412eae4d69ff9b6c13164d2598c635319
SHA512

7ec6aab75c057c2e05caa2c077c424bb01f310d99538b1ff01e1b8eacc3efc3ea4b18a18c5631e4d72053f5dbcb4093a4ba1b1f9ea3a07f3580eaa93dfd81f1f
SSDEEP

384:X268536FtWEN5vXrcpOvIBxUSEMSBfAkYISiM91rDOhT66IyCaxbCBhg:mF1EtWEMOgBxXEekYIRy1rDKIwIh

Score

10^/10

smokeloader backdoor trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

57d57c0a8564dec73c5dfde1d20eb1c412eae4d69ff9b6c13164d2598c635319.exe

Resource

win7-20221111-en

smokeloader backdoor trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

57d57c0a8564dec73c5dfde1d20eb1c412eae4d69ff9b6c13164d2598c635319.exe

Resource

win10v2004-20221111-en

smokeloader backdoor trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  57d57c0a8564dec73c5dfde1d20eb1c412eae4d69ff9b6c13164d2598c635319
- Size
  
  30KB
- MD5
  
  728cbb098020dfae32eef9756b17b4a9
- SHA1
  
  4ce2b91287009490ad2573346aedeb60cd9ca33e
- SHA256
  
  57d57c0a8564dec73c5dfde1d20eb1c412eae4d69ff9b6c13164d2598c635319
- SHA512
  
  7ec6aab75c057c2e05caa2c077c424bb01f310d99538b1ff01e1b8eacc3efc3ea4b18a18c5631e4d72053f5dbcb4093a4ba1b1f9ea3a07f3580eaa93dfd81f1f
- SSDEEP
  
  384:X268536FtWEN5vXrcpOvIBxUSEMSBfAkYISiM91rDOhT66IyCaxbCBhg:mF1EtWEMOgBxXEekYIRy1rDKIwIh
Score

10^/10

smokeloader backdoor trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Uses the VBS compiler for execution
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan

© 2018-2025

Terms | Privacy