smokeloader | 882b546df09bb09b7d70a717a73c257d0684bae574160de290438cca6bf8ba9c | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

842f4b4369...49.exe

windows7-x64

842f4b4369...49.exe

windows10-2004-x64

Sharing

General

Target

842f4b4369331da215a52c5af21720d30d799557e41e493892f76078c18a4b49
Size

140KB
Sample

221224-wnmcnade8v
MD5

8d9b07ee8f0e961522ccadcbe82e9204
SHA1

38be1a9a73208600f1330d4b1aeec645e6bc6bda
SHA256

882b546df09bb09b7d70a717a73c257d0684bae574160de290438cca6bf8ba9c
SHA512

47ebeb4a0f539a27fcbc17fe66f9aaf19d67fdd95e80c6b2c61f3d70c42aac5b5e82562fe7f79c8287265f8515057c932a024fd77d1c08f8855d3dbf6e0e15fc
SSDEEP

3072:SIkimGAPYI3y213LbAVwh9rXCnNRAXuHP2Q2xzDxAqmgaQMp0WmN6PIWu:SAmGmYIL13ngwhtSn4+h2xZjlnNWmN6K

Score

10^/10

smokeloader backdoor trojan

Static task

static1

Behavioral task

behavioral1

Sample

842f4b4369331da215a52c5af21720d30d799557e41e493892f76078c18a4b49.exe

Resource

win7-20220812-en

smokeloader backdoor trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

842f4b4369331da215a52c5af21720d30d799557e41e493892f76078c18a4b49.exe

Resource

win10v2004-20220812-en

smokeloader backdoor trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  842f4b4369331da215a52c5af21720d30d799557e41e493892f76078c18a4b49
- Size
  
  223KB
- MD5
  
  bfbfca5f9c558bf3171f999ba3459d12
- SHA1
  
  ced296dd2fa34b9b52cdb01e238af34dd8414399
- SHA256
  
  842f4b4369331da215a52c5af21720d30d799557e41e493892f76078c18a4b49
- SHA512
  
  59150c481eb0544897b09c53f52cd00f1068f410234c947ab24e96948713d6fb129ac01a98a747d84d918003555c7177e1cf40abd1cb099e2fb0d43ec0ca72a1
- SSDEEP
  
  3072:WDwILGHLb55+98kVwAgmv9LKxW42MLauDgI7H4f/ln:qLGrfkgm1XMLaMgIS
Score

10^/10

smokeloader backdoor trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Uses the VBS compiler for execution
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan

© 2018-2025

Terms | Privacy