smokeloader | 3daef9ccf50d87b314553ea558171ef55810b8c3f76c6eb93048fb8b2c4ba25a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3daef9ccf50d87b314553ea558171ef55810b8c3f76c6eb93048fb8b2c4ba25a
Size

228KB
Sample

221223-s9q17abh4t
MD5

6d2f2d9fcc4957b24231538c330f5719
SHA1

91693487291f43c4c643f2ef088cb747bd2cee1f
SHA256

3daef9ccf50d87b314553ea558171ef55810b8c3f76c6eb93048fb8b2c4ba25a
SHA512

6e63c0fd3faea8dc1454203750edcb520e581e5740d12ecbbdddcea5d99af3dfb6a2eb26b101680c7eab6585829aaaadacd73c29eeaf80e91879265e30278fbc
SSDEEP

3072:thz5LMmktZOqbAc31WbV82KiBR/2fGs+EliIQu+oukz/rTM3f/VWBkOuRGK:DtLLu1kc3862KiBJkzhpukiVpjcK

Score

10^/10

smokeloader backdoor trojan

Malware Config

Targets

- Target
  
  3daef9ccf50d87b314553ea558171ef55810b8c3f76c6eb93048fb8b2c4ba25a
- Size
  
  228KB
- MD5
  
  6d2f2d9fcc4957b24231538c330f5719
- SHA1
  
  91693487291f43c4c643f2ef088cb747bd2cee1f
- SHA256
  
  3daef9ccf50d87b314553ea558171ef55810b8c3f76c6eb93048fb8b2c4ba25a
- SHA512
  
  6e63c0fd3faea8dc1454203750edcb520e581e5740d12ecbbdddcea5d99af3dfb6a2eb26b101680c7eab6585829aaaadacd73c29eeaf80e91879265e30278fbc
- SSDEEP
  
  3072:thz5LMmktZOqbAc31WbV82KiBR/2fGs+EliIQu+oukz/rTM3f/VWBkOuRGK:DtLLu1kc3862KiBJkzhpukiVpjcK
Score

10^/10

smokeloader backdoor trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Uses the VBS compiler for execution
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan