smokeloader | a6776ef1e46363fca58f61d924df96207149ee3a227c2fc99196ed558729e146 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

Copy URL Twitter E-mail

General

Target

a6776ef1e46363fca58f61d924df96207149ee3a227c2fc99196ed558729e146
Size

320KB
Sample

230111-x4433saa2t
MD5

89f15d802bf38669f08e968c540f84fa
SHA1

150297e4b855520daef7bc08057433af8f89545c
SHA256

a6776ef1e46363fca58f61d924df96207149ee3a227c2fc99196ed558729e146
SHA512

38664eb504d1a50cca53dedbcaf94192e93fcc285e11442149f896ad82afb988280697e6ac12f23b54a386e73112ffb8e82aa438261494bafd843b01fd74ed93
SSDEEP

6144:y74vkD9LxF5p2eoM/vri4UjPlP3Zi5bcxFzC:GCkD9B0M/vrXUh3Zixc

Score

10^/10

smokeloader backdoor spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

a6776ef1e46363fca58f61d924df96207149ee3a227c2fc99196ed558729e146.exe

Resource

win10-20220812-en

smokeloader backdoor spyware stealer trojan

windows10-1703-x64

23 signatures

150 seconds

Malware Config

Targets

- Target
  
  a6776ef1e46363fca58f61d924df96207149ee3a227c2fc99196ed558729e146
- Size
  
  320KB
- MD5
  
  89f15d802bf38669f08e968c540f84fa
- SHA1
  
  150297e4b855520daef7bc08057433af8f89545c
- SHA256
  
  a6776ef1e46363fca58f61d924df96207149ee3a227c2fc99196ed558729e146
- SHA512
  
  38664eb504d1a50cca53dedbcaf94192e93fcc285e11442149f896ad82afb988280697e6ac12f23b54a386e73112ffb8e82aa438261494bafd843b01fd74ed93
- SSDEEP
  
  6144:y74vkD9LxF5p2eoM/vri4UjPlP3Zi5bcxFzC:GCkD9B0M/vrXUh3Zixc
Score

10^/10

smokeloader backdoor spyware stealer trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoorspywarestealertrojan

© 2018-2025

Terms | Privacy