smokeloader | 53290d7a62ef29e1448c29184065ed50df67f7be372753706e20409804e09450 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

53290d7a62ef29e1448c29184065ed50df67f7be372753706e20409804e09450
Size

261KB
Sample

221231-rfhx2shf93
MD5

01b3d33e9177f7a2f1af3dcd270a654d
SHA1

318383633fa45e04700a17589ffde04cd5efcd9f
SHA256

53290d7a62ef29e1448c29184065ed50df67f7be372753706e20409804e09450
SHA512

fd38b87d00898680ee9ef08e2e3444bc9cb3d6a41d7a6b6c558df887adac66fb89e75859ff76501ecdfa0a5712d39b6aa67ab102f9e57697895dcdffb2a22184
SSDEEP

3072:Hkcgt81YA4sHL/46TG14x1RQxHUsHLgug1zJVJ7ykkKVlmqEXz27hZY:HU6vBLgB1o09nsuuVVAaYiZY

Score

10^/10

smokeloader backdoor trojan

Static task

static1

Behavioral task

behavioral1

Sample

53290d7a62ef29e1448c29184065ed50df67f7be372753706e20409804e09450.exe

Resource

win10v2004-20221111-en

smokeloader backdoor trojan

windows10-2004-x64

24 signatures

150 seconds

Malware Config

Targets

- Target
  
  53290d7a62ef29e1448c29184065ed50df67f7be372753706e20409804e09450
- Size
  
  261KB
- MD5
  
  01b3d33e9177f7a2f1af3dcd270a654d
- SHA1
  
  318383633fa45e04700a17589ffde04cd5efcd9f
- SHA256
  
  53290d7a62ef29e1448c29184065ed50df67f7be372753706e20409804e09450
- SHA512
  
  fd38b87d00898680ee9ef08e2e3444bc9cb3d6a41d7a6b6c558df887adac66fb89e75859ff76501ecdfa0a5712d39b6aa67ab102f9e57697895dcdffb2a22184
- SSDEEP
  
  3072:Hkcgt81YA4sHL/46TG14x1RQxHUsHLgug1zJVJ7ykkKVlmqEXz27hZY:HU6vBLgB1o09nsuuVVAaYiZY
Score

10^/10

smokeloader backdoor trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

© 2018-2025

Terms | Privacy