Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

78cc1ac6964aefbb47531da66d2a2284a801e7dd555413468f975eb713569010
Size

300KB
Sample

230206-yxv29sah9z
MD5

fc87209b84bf6633891b3b326c439fbc
SHA1

15db6ca92e03ab147dcd713190901a891823d67f
SHA256

78cc1ac6964aefbb47531da66d2a2284a801e7dd555413468f975eb713569010
SHA512

a1d329fcfd82ee558bcaffe1f63351e62b147caaa3580477a7d2b05fdcdeeb1f2e9cf5c7e2de48b16440fa0bc39ff62a6b75175e50c57c6f25036f70eebb1c0f
SSDEEP

3072:ClNib6bhxLKVXRGXpf6aCLyKo3SW1+YmNAI917EquQjiMTE5sThCgafj:CGqxLQk5fGL1oiO+YmJduQj9PTwga

Score

10^/10

smokeloader backdoor trojan

Malware Config

Targets

- Target
  
  78cc1ac6964aefbb47531da66d2a2284a801e7dd555413468f975eb713569010
- Size
  
  300KB
- MD5
  
  fc87209b84bf6633891b3b326c439fbc
- SHA1
  
  15db6ca92e03ab147dcd713190901a891823d67f
- SHA256
  
  78cc1ac6964aefbb47531da66d2a2284a801e7dd555413468f975eb713569010
- SHA512
  
  a1d329fcfd82ee558bcaffe1f63351e62b147caaa3580477a7d2b05fdcdeeb1f2e9cf5c7e2de48b16440fa0bc39ff62a6b75175e50c57c6f25036f70eebb1c0f
- SSDEEP
  
  3072:ClNib6bhxLKVXRGXpf6aCLyKo3SW1+YmNAI917EquQjiMTE5sThCgafj:CGqxLQk5fGL1oiO+YmJduQj9PTwga
Score

10^/10

smokeloader backdoor trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

smokeloaderbackdoortrojan