smokeloader | 27af32a0fb394c5def392f654d808fd6d70965f69f8d7864b47d86f09323e9e5 | Triage

Sharing

General

Target

27af32a0fb394c5def392f654d808fd6d70965f69f8d7864b47d86f09323e9e5
Size

316KB
Sample

221223-e13fzafg96
MD5

2d952fb59d12b8bcf675b46548cd6fa8
SHA1

74840f8ab98b2fc30d500fd2eece349e04d3f868
SHA256

27af32a0fb394c5def392f654d808fd6d70965f69f8d7864b47d86f09323e9e5
SHA512

7d48f17663a6c837b78e487c2b66c868a9631a07710ca15cf4caddf5047a8031f44ad327dceefe5a816a7e13056ccba0b32597565b7f116705ff18d627386010
SSDEEP

6144:KJLSf36ozpIbpwWC0GAKvi+xRR0cSpQTtyzsduHNIv:KJmf3rzpItw4RKv5RR0TCtyYduHNI

Score

10^/10

smokeloader backdoor trojan

Malware Config

Targets

- Target
  
  27af32a0fb394c5def392f654d808fd6d70965f69f8d7864b47d86f09323e9e5
- Size
  
  316KB
- MD5
  
  2d952fb59d12b8bcf675b46548cd6fa8
- SHA1
  
  74840f8ab98b2fc30d500fd2eece349e04d3f868
- SHA256
  
  27af32a0fb394c5def392f654d808fd6d70965f69f8d7864b47d86f09323e9e5
- SHA512
  
  7d48f17663a6c837b78e487c2b66c868a9631a07710ca15cf4caddf5047a8031f44ad327dceefe5a816a7e13056ccba0b32597565b7f116705ff18d627386010
- SSDEEP
  
  6144:KJLSf36ozpIbpwWC0GAKvi+xRR0cSpQTtyzsduHNIv:KJmf3rzpItw4RKv5RR0TCtyYduHNI
Score

10^/10

smokeloader backdoor trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Uses the VBS compiler for execution
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan