smokeloader | 26e47792ecdef69714137eae009b5c6df33df725e6856edeb1640a33a10761bf | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

Copy URL Twitter E-mail

General

Target

26e47792ecdef69714137eae009b5c6df33df725e6856edeb1640a33a10761bf
Size

234KB
Sample

221230-jypvbafc22
MD5

21657403b6bc47e37a305e3980c131b8
SHA1

c61f54e4c1c3ab93a8d5e36b13a0439c43bdb021
SHA256

26e47792ecdef69714137eae009b5c6df33df725e6856edeb1640a33a10761bf
SHA512

dfc4e96603dabebc9fa4d8e00b2d3ed143f034db52730708461cd17c1078660ac120bc435e6a2549694549074dd7a44b4fb2750f69b893fcb369ed3a1a7e5fc0
SSDEEP

3072:mP5L6+9kRpM0ezREUFCifzLU4RLU8y5/LU8y53PjB6xuqqb53y1t/M:CLR+MnKUFCGvU4Ro5oR8x3E5

Score

10^/10

smokeloader backdoor discovery spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

26e47792ecdef69714137eae009b5c6df33df725e6856edeb1640a33a10761bf.exe

Resource

win10-20220901-en

smokeloader backdoor discovery spyware stealer trojan

windows10-1703-x64

23 signatures

150 seconds

Malware Config

Targets

- Target
  
  26e47792ecdef69714137eae009b5c6df33df725e6856edeb1640a33a10761bf
- Size
  
  234KB
- MD5
  
  21657403b6bc47e37a305e3980c131b8
- SHA1
  
  c61f54e4c1c3ab93a8d5e36b13a0439c43bdb021
- SHA256
  
  26e47792ecdef69714137eae009b5c6df33df725e6856edeb1640a33a10761bf
- SHA512
  
  dfc4e96603dabebc9fa4d8e00b2d3ed143f034db52730708461cd17c1078660ac120bc435e6a2549694549074dd7a44b4fb2750f69b893fcb369ed3a1a7e5fc0
- SSDEEP
  
  3072:mP5L6+9kRpM0ezREUFCifzLU4RLU8y5/LU8y53PjB6xuqqb53y1t/M:CLR+MnKUFCGvU4Ro5oR8x3E5
Score

10^/10

smokeloader backdoor discovery spyware stealer trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoordiscoveryspywarestealertrojan

© 2018-2025

Terms | Privacy