smokeloader | 6d1085ca99904e2f7d26eb2e2b040929c00d5a3d6e39437b53b6b7aaab8bd690 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

6d1085ca99904e2f7d26eb2e2b040929c00d5a3d6e39437b53b6b7aaab8bd690
Size

327KB
Sample

230111-pb88bsca28
MD5

517bbd12525eb7512758c6b2d8e989e6
SHA1

2be931f4dba7b0eb558ee4dc162a602ef4939212
SHA256

6d1085ca99904e2f7d26eb2e2b040929c00d5a3d6e39437b53b6b7aaab8bd690
SHA512

7d1495d38f51fe40582c932bec31b07583ed4f55ba96ef46476080ca002105d0476d7d6a3241a79d2f232d855bce20a2333631b0f6c9ac49009d45edecc0738e
SSDEEP

6144:C/d5XLV4HxrAxdSMW7G64yyNES5byDqCFNsY6:C/rV4HxOdxnyxOC4Y

Score

10^/10

smokeloader backdoor spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

6d1085ca99904e2f7d26eb2e2b040929c00d5a3d6e39437b53b6b7aaab8bd690.exe

Resource

win10v2004-20221111-en

smokeloader backdoor spyware stealer trojan

windows10-2004-x64

24 signatures

150 seconds

Malware Config

Targets

- Target
  
  6d1085ca99904e2f7d26eb2e2b040929c00d5a3d6e39437b53b6b7aaab8bd690
- Size
  
  327KB
- MD5
  
  517bbd12525eb7512758c6b2d8e989e6
- SHA1
  
  2be931f4dba7b0eb558ee4dc162a602ef4939212
- SHA256
  
  6d1085ca99904e2f7d26eb2e2b040929c00d5a3d6e39437b53b6b7aaab8bd690
- SHA512
  
  7d1495d38f51fe40582c932bec31b07583ed4f55ba96ef46476080ca002105d0476d7d6a3241a79d2f232d855bce20a2333631b0f6c9ac49009d45edecc0738e
- SSDEEP
  
  6144:C/d5XLV4HxrAxdSMW7G64yyNES5byDqCFNsY6:C/rV4HxOdxnyxOC4Y
Score

10^/10

smokeloader backdoor spyware stealer trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoorspywarestealertrojan

© 2018-2025

Terms | Privacy