smokeloader | caf3047c05dfe02fffcf840d2c4ddfab6e9d5a602edcdcea2207bce1862c11f3 | Triage

Sharing

General

Target

e71ff573564b7c7c80335f87b8aca69f81e447d50b1626d16e2ab504ecad5de8
Size

141KB
Sample

221224-xwferadf7s
MD5

a2fd13de42f726b4cfb59c4bd951bc6a
SHA1

66b065ce3b59f2b5014a5bcc07b4c01bb0ed1672
SHA256

caf3047c05dfe02fffcf840d2c4ddfab6e9d5a602edcdcea2207bce1862c11f3
SHA512

b8eacce872f45bfb63c714d0145ac7343e3442628da01a43f3e3601c73ff156e67f878e5a387e4e918bdf7f97c678bb73e8a74dbbfd125564fb2e441520e4581
SSDEEP

3072:M6e7e0daHSGhNyZ59UvhvWhNGYt9ZDRB8SQ4fkmNNUTmiz/BCPMnmQ:JR0orqUh+jGYlDX8hMkONyXOg

Score

10^/10

smokeloader backdoor trojan

Malware Config

Targets

- Target
  
  e71ff573564b7c7c80335f87b8aca69f81e447d50b1626d16e2ab504ecad5de8
- Size
  
  224KB
- MD5
  
  a0e5dafc605c54366a968facb7235162
- SHA1
  
  c73ff6a620e85d2fa6f492a27406aa422f67e6da
- SHA256
  
  e71ff573564b7c7c80335f87b8aca69f81e447d50b1626d16e2ab504ecad5de8
- SHA512
  
  35662e067c53cf891407675847b702e10117a7b566147c217413237fdc728b06642b23e945b47d1374ce85e26f664f46f73928753f91ef94cbb511806989ab58
- SSDEEP
  
  3072:xDfEoLOIbw5JDU6nGarvetbMWE7SyMS9pauD/cNDf/ln:pLOk8g6nxvUyM+paMW
Score

10^/10

smokeloader backdoor trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Uses the VBS compiler for execution
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan