smokeloader | 084c0aa92e9a0cc7c14f9bf1215cc72f56aabb22d8ec7283abf77d4be03c7c98 | Triage

Submit
Reports

Overview

overview

Static

static

1

file.exe

windows7-x64

file.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

file.exe
Size

195KB
Sample

230203-g4ycjafb8x
MD5

56100628ee1fd29a772db64eed2abc96
SHA1

57a0687e2cdbd11e503bdb08069a271d5ff47647
SHA256

084c0aa92e9a0cc7c14f9bf1215cc72f56aabb22d8ec7283abf77d4be03c7c98
SHA512

4852cbca0b713af5cd73b11234179f2f0543037b479346a7c26a18842b51e50cb7acc71451ae7dee292946841c09cf9ecf520a145601727825a139aaacd37e77
SSDEEP

3072:BHlXwFpRDUWLx83cWS258ofxhi0EfKXMHDSSyefBISTXHUUngGw:BHl6lLx83cHjsEfBH9ZISTX02hw

Score

10^/10

smokeloader backdoor persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

file.exe

Resource

win7-20220812-en

smokeloader backdoor trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v2004-20221111-en

smokeloader backdoor persistence trojan

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  file.exe
- Size
  
  195KB
- MD5
  
  56100628ee1fd29a772db64eed2abc96
- SHA1
  
  57a0687e2cdbd11e503bdb08069a271d5ff47647
- SHA256
  
  084c0aa92e9a0cc7c14f9bf1215cc72f56aabb22d8ec7283abf77d4be03c7c98
- SHA512
  
  4852cbca0b713af5cd73b11234179f2f0543037b479346a7c26a18842b51e50cb7acc71451ae7dee292946841c09cf9ecf520a145601727825a139aaacd37e77
- SSDEEP
  
  3072:BHlXwFpRDUWLx83cWS258ofxhi0EfKXMHDSSyefBISTXHUUngGw:BHl6lLx83cHjsEfBH9ZISTX02hw
Score

10^/10

smokeloader backdoor trojan persistence
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoorpersistencetrojan

© 2018-2025

Terms | Privacy