smokeloader | 1edd6e93c7b18f52341f30718c306130857180a4861af722a7ac59fd2a262ca9 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

1edd6e93c7b18f52341f30718c306130857180a4861af722a7ac59fd2a262ca9
Size

256KB
Sample

221231-xsnxqaad35
MD5

aefb673de3f1b81dc503dd92f81aa9bc
SHA1

2830c1ef2829d282f6c4028a66244820a0965485
SHA256

1edd6e93c7b18f52341f30718c306130857180a4861af722a7ac59fd2a262ca9
SHA512

727a036db8b8ee8954e288494992236867fa26fa8f56e8d09bcad3fbd1e8b4b3e6cd4df9d4273e2edc6d54ba299438836d1dcebe2887cdf9786674f0d81e5e6a
SSDEEP

3072:PC4KBQHlfLZJ4QfSRlYKqebZ0fbTEyeZg7hZ1Iemqtr27hZY:OcfLkQfCHhaqZ81eymZY

Score

10^/10

smokeloader backdoor trojan

Static task

static1

Behavioral task

behavioral1

Sample

1edd6e93c7b18f52341f30718c306130857180a4861af722a7ac59fd2a262ca9.exe

Resource

win10v2004-20221111-en

smokeloader backdoor trojan

windows10-2004-x64

23 signatures

150 seconds

Malware Config

Targets

- Target
  
  1edd6e93c7b18f52341f30718c306130857180a4861af722a7ac59fd2a262ca9
- Size
  
  256KB
- MD5
  
  aefb673de3f1b81dc503dd92f81aa9bc
- SHA1
  
  2830c1ef2829d282f6c4028a66244820a0965485
- SHA256
  
  1edd6e93c7b18f52341f30718c306130857180a4861af722a7ac59fd2a262ca9
- SHA512
  
  727a036db8b8ee8954e288494992236867fa26fa8f56e8d09bcad3fbd1e8b4b3e6cd4df9d4273e2edc6d54ba299438836d1dcebe2887cdf9786674f0d81e5e6a
- SSDEEP
  
  3072:PC4KBQHlfLZJ4QfSRlYKqebZ0fbTEyeZg7hZ1Iemqtr27hZY:OcfLkQfCHhaqZ81eymZY
Score

10^/10

smokeloader backdoor trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

© 2018-2024

Terms | Privacy