smokeloader | b2e449dd5938e3461527526ba950af67894c6c3a3b01f79aa2a0d38cc64327b0 | Triage

Submit
Reports

Overview

overview

Static

static

05e29acaed...90.exe

windows7-x64

05e29acaed...90.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

05e29acaed866ce861227e4e0a287890.exe
Size

316KB
Sample

230202-pdq5jaab4t
MD5

05e29acaed866ce861227e4e0a287890
SHA1

87558dd11c4cd704566877cb2fb8e0f1fb71d59a
SHA256

b2e449dd5938e3461527526ba950af67894c6c3a3b01f79aa2a0d38cc64327b0
SHA512

9e917589bd05c8e6f45d50f947b522bad0327d076140c38432de8fb912ff1922d1be1130b97d3fb65a03b018488856cd1e3db046c4837fc1aa65ad51ee329372
SSDEEP

6144:4wL7M7b9k5actb6E9mpC2x8zw6EG6L9/CJTk637eQfnd5wYoB:p+bS5act0OzgG6L9CJb7d5wY

Score

10^/10

smokeloader backdoor trojan

Static task

static1

Behavioral task

behavioral1

Sample

05e29acaed866ce861227e4e0a287890.exe

Resource

win7-20220812-en

smokeloader backdoor trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

05e29acaed866ce861227e4e0a287890.exe

Resource

win10v2004-20221111-en

smokeloader backdoor trojan

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  05e29acaed866ce861227e4e0a287890.exe
- Size
  
  316KB
- MD5
  
  05e29acaed866ce861227e4e0a287890
- SHA1
  
  87558dd11c4cd704566877cb2fb8e0f1fb71d59a
- SHA256
  
  b2e449dd5938e3461527526ba950af67894c6c3a3b01f79aa2a0d38cc64327b0
- SHA512
  
  9e917589bd05c8e6f45d50f947b522bad0327d076140c38432de8fb912ff1922d1be1130b97d3fb65a03b018488856cd1e3db046c4837fc1aa65ad51ee329372
- SSDEEP
  
  6144:4wL7M7b9k5actb6E9mpC2x8zw6EG6L9/CJTk637eQfnd5wYoB:p+bS5act0OzgG6L9CJb7d5wY
Score

10^/10

smokeloader backdoor trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan

© 2018-2025

Terms | Privacy