smokeloader | 073e8e379cfda6d66a7bd7823a08a84fac7ca1aef34b2a962e2f60001ca8d1b9 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

073e8e379cfda6d66a7bd7823a08a84fac7ca1aef34b2a962e2f60001ca8d1b9
Size

284KB
Sample

230113-qbj4waha88
MD5

9a827b95feb18e878b09adb8d592c1be
SHA1

62334ae86fb6ac4482f82e1ffc6b1835427c2ba4
SHA256

073e8e379cfda6d66a7bd7823a08a84fac7ca1aef34b2a962e2f60001ca8d1b9
SHA512

a250fed9e71f51be7711240a7a42333c86940ca1fa36771d930db3d76780989e0df3f5e60b15f103b5e8a003bf253b5d2dcd235355faa024cb942fa91c8add97
SSDEEP

6144:E3+q7RLTyLkns8gIM72HcF9SlJZ9tzrSA3Wb:E3+q7R/yLN12HcUZ9P3Wb

Score

10^/10

smokeloader backdoor collection discovery spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

073e8e379cfda6d66a7bd7823a08a84fac7ca1aef34b2a962e2f60001ca8d1b9.exe

Resource

win10v2004-20221111-en

smokeloader backdoor collection discovery spyware stealer trojan

windows10-2004-x64

27 signatures

150 seconds

Malware Config

Targets

- Target
  
  073e8e379cfda6d66a7bd7823a08a84fac7ca1aef34b2a962e2f60001ca8d1b9
- Size
  
  284KB
- MD5
  
  9a827b95feb18e878b09adb8d592c1be
- SHA1
  
  62334ae86fb6ac4482f82e1ffc6b1835427c2ba4
- SHA256
  
  073e8e379cfda6d66a7bd7823a08a84fac7ca1aef34b2a962e2f60001ca8d1b9
- SHA512
  
  a250fed9e71f51be7711240a7a42333c86940ca1fa36771d930db3d76780989e0df3f5e60b15f103b5e8a003bf253b5d2dcd235355faa024cb942fa91c8add97
- SSDEEP
  
  6144:E3+q7RLTyLkns8gIM72HcF9SlJZ9tzrSA3Wb:E3+q7R/yLN12HcUZ9P3Wb
Score

10^/10

smokeloader backdoor collection discovery spyware stealer trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoorcollectiondiscoveryspywarestealertrojan

© 2018-2025

Terms | Privacy