smokeloader | 911f782875fadb4acced0ff282a43fdbe7b5769213d29c3454bf5e7f37019060 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

General

Target

911f782875fadb4acced0ff282a43fdbe7b5769213d29c3454bf5e7f37019060
Size

193KB
Sample

230203-ncl9hsac4w
MD5

5f12ec84f26e3b42f5faefd6d98f55f8
SHA1

866b790923d49b969f6ae9b465ae64be14db74cd
SHA256

911f782875fadb4acced0ff282a43fdbe7b5769213d29c3454bf5e7f37019060
SHA512

bf4a74b30b5b7a6a3fffe2191d3167ebeebd1de4f19ea0e2c29de7929fda305499644d4f80f3727ca13f5f32252d7be1ea6ada0c20fa6e97c8b4b3c5e5af57a3
SSDEEP

3072:H2o8uVTLjLcTDWH0nOWJvQ5RycLu70JdkpT6bYIzXnqJV/kCLWVjrhi:H2cjLiDWUnOryH70Jke7GJVPaVvhi

Score

10^/10

smokeloader backdoor persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

911f782875fadb4acced0ff282a43fdbe7b5769213d29c3454bf5e7f37019060.exe

Resource

win10v2004-20221111-en

smokeloader backdoor persistence trojan

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  911f782875fadb4acced0ff282a43fdbe7b5769213d29c3454bf5e7f37019060
- Size
  
  193KB
- MD5
  
  5f12ec84f26e3b42f5faefd6d98f55f8
- SHA1
  
  866b790923d49b969f6ae9b465ae64be14db74cd
- SHA256
  
  911f782875fadb4acced0ff282a43fdbe7b5769213d29c3454bf5e7f37019060
- SHA512
  
  bf4a74b30b5b7a6a3fffe2191d3167ebeebd1de4f19ea0e2c29de7929fda305499644d4f80f3727ca13f5f32252d7be1ea6ada0c20fa6e97c8b4b3c5e5af57a3
- SSDEEP
  
  3072:H2o8uVTLjLcTDWH0nOWJvQ5RycLu70JdkpT6bYIzXnqJV/kCLWVjrhi:H2cjLiDWUnOryH70Jke7GJVPaVvhi
Score

10^/10

smokeloader backdoor persistence trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoorpersistencetrojan

© 2018-2024

Terms | Privacy