Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

file.exe
Size

300KB
Sample

230206-zle3cafg98
MD5

0f700e4b1a6487ac2aa66a4364fa1d49
SHA1

be348e7999158ed52fb5c01d601152930c28dbfc
SHA256

fb7ea2b876c6a5352336f12df2b4029fc06aea96b70b0e8be560ebecd943026c
SHA512

6472512a879ca1a872f8181214ba0078fcf128a17cdc71e23d0b8c21fde5f9ef39d4383838aa06568e79a0258997fedc04edf8dafc2486eb5d80d03fd4365692
SSDEEP

3072:C5Ob6bxOkLsZDRGXDeRTHK3TSFK2adEPDGsuQjiMTE5i6ydk4qafZi:CM63LogTeRGDSUFOysuQj9Pjqah

Score

10^/10

smokeloader backdoor trojan

Malware Config

Targets

- Target
  
  file.exe
- Size
  
  300KB
- MD5
  
  0f700e4b1a6487ac2aa66a4364fa1d49
- SHA1
  
  be348e7999158ed52fb5c01d601152930c28dbfc
- SHA256
  
  fb7ea2b876c6a5352336f12df2b4029fc06aea96b70b0e8be560ebecd943026c
- SHA512
  
  6472512a879ca1a872f8181214ba0078fcf128a17cdc71e23d0b8c21fde5f9ef39d4383838aa06568e79a0258997fedc04edf8dafc2486eb5d80d03fd4365692
- SSDEEP
  
  3072:C5Ob6bxOkLsZDRGXDeRTHK3TSFK2adEPDGsuQjiMTE5i6ydk4qafZi:CM63LogTeRGDSUFOysuQj9Pjqah
Score

10^/10

smokeloader backdoor trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan