smokeloader | 6051d57a165c6a547e46aeb754353677b40c582992b9fc314719a5bc3127473e | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

General

Target

6051d57a165c6a547e46aeb754353677b40c582992b9fc314719a5bc3127473e
Size

319KB
Sample

230206-tmp12saa41
MD5

f9bfad174419acefcd457f9f78cd1af7
SHA1

ec0e54614f01ea5358aa79bbc4a6a72011f59321
SHA256

6051d57a165c6a547e46aeb754353677b40c582992b9fc314719a5bc3127473e
SHA512

b32a9c2dca3f2815a4612adc87256e4da7f8c2bf56418571b3d41f29ba65ba5f17e0064c842640592e6a3def88e137ea078c0fccfac0501b61a233a89394b402
SSDEEP

6144:91L8TURE422B/RaZur8PxxSBxHClRkd45Cj:91yUDRRaZOBEm

Score

10^/10

smokeloader backdoor collection discovery spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

6051d57a165c6a547e46aeb754353677b40c582992b9fc314719a5bc3127473e.exe

Resource

win10v2004-20220812-en

smokeloader backdoor collection discovery spyware stealer trojan

windows10-2004-x64

27 signatures

150 seconds

Malware Config

Targets

- Target
  
  6051d57a165c6a547e46aeb754353677b40c582992b9fc314719a5bc3127473e
- Size
  
  319KB
- MD5
  
  f9bfad174419acefcd457f9f78cd1af7
- SHA1
  
  ec0e54614f01ea5358aa79bbc4a6a72011f59321
- SHA256
  
  6051d57a165c6a547e46aeb754353677b40c582992b9fc314719a5bc3127473e
- SHA512
  
  b32a9c2dca3f2815a4612adc87256e4da7f8c2bf56418571b3d41f29ba65ba5f17e0064c842640592e6a3def88e137ea078c0fccfac0501b61a233a89394b402
- SSDEEP
  
  6144:91L8TURE422B/RaZur8PxxSBxHClRkd45Cj:91yUDRRaZOBEm
Score

10^/10

smokeloader backdoor collection discovery spyware stealer trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoorcollectiondiscoveryspywarestealertrojan

© 2018-2024

Terms | Privacy