smokeloader | cef0a97ab84a4b4239d22008c571317702775eb85799e544bc1cb13f2aa5ea73 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

cef0a97ab84a4b4239d22008c571317702775eb85799e544bc1cb13f2aa5ea73
Size

239KB
Sample

230101-dejajaec7v
MD5

f0d2a2754e33271df9ed6ad63ae59cd9
SHA1

ab7205ae24c163bcf533cf24ee49d3c9df2994cf
SHA256

cef0a97ab84a4b4239d22008c571317702775eb85799e544bc1cb13f2aa5ea73
SHA512

7e2f1ca22f8ce25fe2076db33194ca65677db52c6dd6b838e02b8a9950183d437f35e392079d5f8660e25628a054f7f710e983a639ad0271b7f67886aa7bdfcd
SSDEEP

3072:3kXSzOsCMLXmM3EKgs5LiQfD39Erus8rs773lHPAmqIaR27hZY:Q0LfEKga9fD3yus8rs33lTOsZY

Score

10^/10

smokeloader backdoor collection discovery spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

cef0a97ab84a4b4239d22008c571317702775eb85799e544bc1cb13f2aa5ea73.exe

Resource

win10v2004-20221111-en

smokeloader backdoor collection discovery spyware stealer trojan

windows10-2004-x64

29 signatures

150 seconds

Malware Config

Targets

- Target
  
  cef0a97ab84a4b4239d22008c571317702775eb85799e544bc1cb13f2aa5ea73
- Size
  
  239KB
- MD5
  
  f0d2a2754e33271df9ed6ad63ae59cd9
- SHA1
  
  ab7205ae24c163bcf533cf24ee49d3c9df2994cf
- SHA256
  
  cef0a97ab84a4b4239d22008c571317702775eb85799e544bc1cb13f2aa5ea73
- SHA512
  
  7e2f1ca22f8ce25fe2076db33194ca65677db52c6dd6b838e02b8a9950183d437f35e392079d5f8660e25628a054f7f710e983a639ad0271b7f67886aa7bdfcd
- SSDEEP
  
  3072:3kXSzOsCMLXmM3EKgs5LiQfD39Erus8rs773lHPAmqIaR27hZY:Q0LfEKga9fD3yus8rs33lTOsZY
Score

10^/10

smokeloader backdoor collection discovery spyware stealer trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoorcollectiondiscoveryspywarestealertrojan

© 2018-2025

Terms | Privacy