smokeloader | f03cfa30317eefbc658e645242cf7be5a3d012cc26d91f04284b80127d07b6ce | Triage

Sharing

General

Target

f03cfa30317eefbc658e645242cf7be5a3d012cc26d91f04284b80127d07b6ce
Size

232KB
Sample

221225-ppqm5sbe52
MD5

612690d2d2a6c5aec8e5b623e2c390cf
SHA1

8f05ab45296839473b91afd9f4ad158f6bd1c2ba
SHA256

f03cfa30317eefbc658e645242cf7be5a3d012cc26d91f04284b80127d07b6ce
SHA512

894691078f834e5038c03ab32d46fee12719af18357c48cdd9b511c196828b9e64d8d10a563aac7693eb024fd968fcb2085af03b9072acf7eb58bb9f0888f88c
SSDEEP

3072:sl8NLawRLUhJ5hX6YMnfaJJZ4s2/nIVzW+5SeAddxZtJ/SRLjw7RkxmJZs:tLFRLk7J/4BEW+ce6dxPJ/SZGymI

Score

10^/10

smokeloader backdoor trojan

Malware Config

Targets

- Target
  
  f03cfa30317eefbc658e645242cf7be5a3d012cc26d91f04284b80127d07b6ce
- Size
  
  232KB
- MD5
  
  612690d2d2a6c5aec8e5b623e2c390cf
- SHA1
  
  8f05ab45296839473b91afd9f4ad158f6bd1c2ba
- SHA256
  
  f03cfa30317eefbc658e645242cf7be5a3d012cc26d91f04284b80127d07b6ce
- SHA512
  
  894691078f834e5038c03ab32d46fee12719af18357c48cdd9b511c196828b9e64d8d10a563aac7693eb024fd968fcb2085af03b9072acf7eb58bb9f0888f88c
- SSDEEP
  
  3072:sl8NLawRLUhJ5hX6YMnfaJJZ4s2/nIVzW+5SeAddxZtJ/SRLjw7RkxmJZs:tLFRLk7J/4BEW+ce6dxPJ/SZGymI
Score

10^/10

smokeloader backdoor trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Uses the VBS compiler for execution
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan