smokeloader | fbbeaa1e952007ae67e981d3ba3b282e260dba293a2250a7756c2ba4f27ba3aa | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7d06e13988...e8.exe

windows7-x64

7d06e13988...e8.exe

windows10-2004-x64

Sharing

General

Target

7d06e1398824ce24db20af1e5de6eae8.exe
Size

301KB
Sample

221229-pjxjhada47
MD5

7d06e1398824ce24db20af1e5de6eae8
SHA1

fb01ccd6b557431d46278ea95ff13c3ec58ae6c5
SHA256

fbbeaa1e952007ae67e981d3ba3b282e260dba293a2250a7756c2ba4f27ba3aa
SHA512

d03bd3c16dc992a252e367b76c7b9e963ab11c13b90bf4adb457f4195fb23511b9fbb5c11612bd08a536aba20ad5bee65d526bde62d5a62bc28095ea07d4eeee
SSDEEP

6144:5+U5mLNpGWZedB+Aqxro2yiw7n1HbwZoV9J:rwB4WYcAsZw7

Score

10^/10

smokeloader backdoor persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

7d06e1398824ce24db20af1e5de6eae8.exe

Resource

win7-20220812-en

smokeloader backdoor trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

7d06e1398824ce24db20af1e5de6eae8.exe

Resource

win10v2004-20221111-en

smokeloader backdoor persistence trojan

windows10-2004-x64

24 signatures

150 seconds

Malware Config

Targets

- Target
  
  7d06e1398824ce24db20af1e5de6eae8.exe
- Size
  
  301KB
- MD5
  
  7d06e1398824ce24db20af1e5de6eae8
- SHA1
  
  fb01ccd6b557431d46278ea95ff13c3ec58ae6c5
- SHA256
  
  fbbeaa1e952007ae67e981d3ba3b282e260dba293a2250a7756c2ba4f27ba3aa
- SHA512
  
  d03bd3c16dc992a252e367b76c7b9e963ab11c13b90bf4adb457f4195fb23511b9fbb5c11612bd08a536aba20ad5bee65d526bde62d5a62bc28095ea07d4eeee
- SSDEEP
  
  6144:5+U5mLNpGWZedB+Aqxro2yiw7n1HbwZoV9J:rwB4WYcAsZw7
Score

10^/10

smokeloader backdoor trojan persistence
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Sets DLL path for service in the registry
  persistence
- Sets service image path in registry
  persistence
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoorpersistencetrojan

© 2018-2025

Terms | Privacy