smokeloader | 715913ccfa78aae131126d5b2bfb80c74130a8273882064b6c7b5037a723a030 | Triage

Submit
Reports

Overview

overview

Static

static

715913ccfa...30.exe

windows7-x64

715913ccfa...30.exe

windows10-2004-x64

Resubmissions

04/01/2023, 23:55

230104-3ymjqsaa85 10

04/01/2023, 23:03

230104-21mrvadd8v 10

Sharing

Copy URL Twitter E-mail

General

Target

715913ccfa78aae131126d5b2bfb80c74130a8273882064b6c7b5037a723a030
Size

365KB
Sample

230104-3ymjqsaa85
MD5

596d21bbe19d67ea9056ca1d63752fb3
SHA1

431220aa4cde4cbaa161506e39b4835f3b3ae52e
SHA256

715913ccfa78aae131126d5b2bfb80c74130a8273882064b6c7b5037a723a030
SHA512

4dd9a2f386369779fef9bf38665bab113a4761b862c102c894f6d8605895a270f6c6048568524029e6910a153dd3cf4d1db09b91c5d2ae1698e2f382001fd3fa
SSDEEP

3072:y6XMnvHLCVR14P5pPSs/djFiUq8diov2bdZF4F0zf8jdA4upFldiLLkGH/lPiXY9:9MfLCV4bndFiUqQepPfoxupmLz/jTl

Score

10^/10

smokeloader backdoor spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

715913ccfa78aae131126d5b2bfb80c74130a8273882064b6c7b5037a723a030.exe

Resource

win7-20221111-en

smokeloader backdoor trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

715913ccfa78aae131126d5b2bfb80c74130a8273882064b6c7b5037a723a030.exe

Resource

win10v2004-20221111-en

smokeloader backdoor spyware stealer trojan

windows10-2004-x64

24 signatures

150 seconds

Malware Config

Targets

- Target
  
  715913ccfa78aae131126d5b2bfb80c74130a8273882064b6c7b5037a723a030
- Size
  
  365KB
- MD5
  
  596d21bbe19d67ea9056ca1d63752fb3
- SHA1
  
  431220aa4cde4cbaa161506e39b4835f3b3ae52e
- SHA256
  
  715913ccfa78aae131126d5b2bfb80c74130a8273882064b6c7b5037a723a030
- SHA512
  
  4dd9a2f386369779fef9bf38665bab113a4761b862c102c894f6d8605895a270f6c6048568524029e6910a153dd3cf4d1db09b91c5d2ae1698e2f382001fd3fa
- SSDEEP
  
  3072:y6XMnvHLCVR14P5pPSs/djFiUq8diov2bdZF4F0zf8jdA4upFldiLLkGH/lPiXY9:9MfLCV4bndFiUqQepPfoxupmLz/jTl
Score

10^/10

smokeloader backdoor trojan spyware stealer
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoorspywarestealertrojan

© 2018-2025

Terms | Privacy