smokeloader | 189b68dca1a8e4d0ec372e03b3442d09aff6b73928155ec9d4546ef6006427c3 | Triage

Submit
Reports

Overview

overview

Static

static

file.exe

windows7-x64

file.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

file.exe
Size

278KB
Sample

230109-larp4sdf74
MD5

6ea210bfd858868cd3d16e3c0e5284d4
SHA1

1ed4eab42076ddbd524b701ab345b882a5c19eea
SHA256

189b68dca1a8e4d0ec372e03b3442d09aff6b73928155ec9d4546ef6006427c3
SHA512

961fd229491703fa0fb0619815b7ce80341ffa17b3994a272124d1ed85617c2b68c6de133c9827143bdc6c46db608f32479946ede83329923182dd8a389e6c3d
SSDEEP

3072:7XOWy2p2EapL3dMel5cDX2mgJN4/R2nEYSSMSACdmEF2xU9Q/Wl:Tzp2E4LNF0U4ZK3dzF2xU9y

Score

10^/10

smokeloader backdoor trojan

Static task

static1

Behavioral task

behavioral1

Sample

file.exe

Resource

win7-20221111-en

smokeloader backdoor trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v2004-20220812-en

smokeloader backdoor trojan

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Targets

- Target
  
  file.exe
- Size
  
  278KB
- MD5
  
  6ea210bfd858868cd3d16e3c0e5284d4
- SHA1
  
  1ed4eab42076ddbd524b701ab345b882a5c19eea
- SHA256
  
  189b68dca1a8e4d0ec372e03b3442d09aff6b73928155ec9d4546ef6006427c3
- SHA512
  
  961fd229491703fa0fb0619815b7ce80341ffa17b3994a272124d1ed85617c2b68c6de133c9827143bdc6c46db608f32479946ede83329923182dd8a389e6c3d
- SSDEEP
  
  3072:7XOWy2p2EapL3dMel5cDX2mgJN4/R2nEYSSMSACdmEF2xU9Q/Wl:Tzp2E4LNF0U4ZK3dzF2xU9y
Score

10^/10

smokeloader backdoor trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan

© 2018-2025

Terms | Privacy