Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

file.exe
Size

341KB
Sample

230125-md8ngahd3w
MD5

233c8fb34be6191c517d14f49ecbdf67
SHA1

e166c4e5dd9cd730da70f8107da227358359cfcb
SHA256

f22786a37967bb75c2236e0c5718db4deeaa3ab46772b8230525f021c9d23caa
SHA512

ae80151c66d37542e2ce23e5d2953765848f9e5ea4b503f38d22e6fffe8a282ad86f8cc0cbf2351a1f98d7ab453619fd486be8f743a88d45313592ada47eef0d
SSDEEP

6144:ODLCug/OKNbC/hLCS0R0Ppbz5Djq7VWRFBMolz90XfkT:aGJ18/8STpvY7VWR5lz+Q

Score

10^/10

smokeloader backdoor trojan

Malware Config

Targets

- Target
  
  file.exe
- Size
  
  341KB
- MD5
  
  233c8fb34be6191c517d14f49ecbdf67
- SHA1
  
  e166c4e5dd9cd730da70f8107da227358359cfcb
- SHA256
  
  f22786a37967bb75c2236e0c5718db4deeaa3ab46772b8230525f021c9d23caa
- SHA512
  
  ae80151c66d37542e2ce23e5d2953765848f9e5ea4b503f38d22e6fffe8a282ad86f8cc0cbf2351a1f98d7ab453619fd486be8f743a88d45313592ada47eef0d
- SSDEEP
  
  6144:ODLCug/OKNbC/hLCS0R0Ppbz5Djq7VWRFBMolz90XfkT:aGJ18/8STpvY7VWR5lz+Q
Score

10^/10

smokeloader backdoor trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan