smokeloader | b54b7dd25042608209e2a84095f9f6cd3252024dfac84425916587a22e99d202 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

b54b7dd25042608209e2a84095f9f6cd3252024dfac84425916587a22e99d202
Size

312KB
Sample

221229-xjempaha7y
MD5

bf0de4fe0f0f15a93fb3aee7b1dc7448
SHA1

e25bc5cbb79c213a465b0ddcc21e846d814c87a5
SHA256

b54b7dd25042608209e2a84095f9f6cd3252024dfac84425916587a22e99d202
SHA512

658b9c8c7abd43080e518bf16f06faaff76f2063f13d68702a9691332ddd4c78c48fec96dee33f5332e0451b17918695c8777f902d2fe5ffad4157b712c30148
SSDEEP

6144:9LrC62dRvLNwWKE+q400txyIxZ1WqqdSJ9R:9PCrzvxKED0zdYS

Score

10^/10

smokeloader backdoor discovery trojan

Static task

static1

Behavioral task

behavioral1

Sample

b54b7dd25042608209e2a84095f9f6cd3252024dfac84425916587a22e99d202.exe

Resource

win10v2004-20220812-en

smokeloader backdoor discovery trojan

windows10-2004-x64

24 signatures

150 seconds

Malware Config

Targets

- Target
  
  b54b7dd25042608209e2a84095f9f6cd3252024dfac84425916587a22e99d202
- Size
  
  312KB
- MD5
  
  bf0de4fe0f0f15a93fb3aee7b1dc7448
- SHA1
  
  e25bc5cbb79c213a465b0ddcc21e846d814c87a5
- SHA256
  
  b54b7dd25042608209e2a84095f9f6cd3252024dfac84425916587a22e99d202
- SHA512
  
  658b9c8c7abd43080e518bf16f06faaff76f2063f13d68702a9691332ddd4c78c48fec96dee33f5332e0451b17918695c8777f902d2fe5ffad4157b712c30148
- SSDEEP
  
  6144:9LrC62dRvLNwWKE+q400txyIxZ1WqqdSJ9R:9PCrzvxKED0zdYS
Score

10^/10

smokeloader backdoor discovery trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoordiscoverytrojan

© 2018-2025

Terms | Privacy