smokeloader | 94dcd9eb97aa7ef0957f20728ef38d1b95c9fc6f16c1467c752e019046ea882b | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

7c2b7f94b5...ec.exe

windows7-x64

7c2b7f94b5...ec.exe

windows10-2004-x64

Sharing

General

Target

7c2b7f94b57d15b6f5f4ed31a96cc0ec.exe
Size

285KB
Sample

230207-lkb3eaah29
MD5

7c2b7f94b57d15b6f5f4ed31a96cc0ec
SHA1

51ec2b8292ae25dc53c1bb96722228c612651e05
SHA256

94dcd9eb97aa7ef0957f20728ef38d1b95c9fc6f16c1467c752e019046ea882b
SHA512

9dd76b03f6866ca792b6a906f69339ce9bf22ce61e21318f72c745e32619fc8d47a664f3ab68b5a0aba98574650d7189e7d74c656ef46d7f3f72ebe480041cec
SSDEEP

6144:SOe7vYYo2U4YRNNbKL4pTYdkhVoi4Fc+dVkR52:SNvYYowYtiisdkEDFc+7kr2

Score

10^/10

smokeloader backdoor collection trojan

Static task

static1

Behavioral task

behavioral1

Sample

7c2b7f94b57d15b6f5f4ed31a96cc0ec.exe

Resource

win7-20221111-en

smokeloader backdoor trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

7c2b7f94b57d15b6f5f4ed31a96cc0ec.exe

Resource

win10v2004-20221111-en

smokeloader backdoor collection trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  7c2b7f94b57d15b6f5f4ed31a96cc0ec.exe
- Size
  
  285KB
- MD5
  
  7c2b7f94b57d15b6f5f4ed31a96cc0ec
- SHA1
  
  51ec2b8292ae25dc53c1bb96722228c612651e05
- SHA256
  
  94dcd9eb97aa7ef0957f20728ef38d1b95c9fc6f16c1467c752e019046ea882b
- SHA512
  
  9dd76b03f6866ca792b6a906f69339ce9bf22ce61e21318f72c745e32619fc8d47a664f3ab68b5a0aba98574650d7189e7d74c656ef46d7f3f72ebe480041cec
- SSDEEP
  
  6144:SOe7vYYo2U4YRNNbKL4pTYdkhVoi4Fc+dVkR52:SNvYYowYtiisdkEDFc+7kr2
Score

10^/10

smokeloader backdoor trojan collection
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoorcollectiontrojan

© 2018-2025

Terms | Privacy