smokeloader | af895e7f5882dca4a060926123ccf4106a2be04edb881f5f8ca478fc515430ec | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

c39bdf652e...5c.exe

windows7-x64

c39bdf652e...5c.exe

windows10-2004-x64

Sharing

General

Target

b003e5021d31ff60e3a105c4cd440ab0.bin
Size

140KB
Sample

230213-cblqtaaa86
MD5

9213efe9d1835e38dd65dea587817e68
SHA1

663de07f3a6deef1ccbdfa10e94bfcd68bcb4cb8
SHA256

af895e7f5882dca4a060926123ccf4106a2be04edb881f5f8ca478fc515430ec
SHA512

692bf19a7e2fb6309d506c7aeb9cfd7141937ac6d5adf07b76d8d66f4a29a14b1f30ec8e88174ac4efef292520037a65ee10d76af3ceaeb11334354822753786
SSDEEP

3072:eSCe7HtxlfUOkHrhmZ81lbnAvh8Kw+5UkM6+qWrNgimcOfAu8s:eSpbtrfURrhmZ81lbnAvh1UkM6+hDAGs

Score

10^/10

smokeloader backdoor trojan

Static task

static1

Behavioral task

behavioral1

Sample

c39bdf652e6adff9831bcfb3fa9e0a420f38850641a45e49767a6202c64ee95c.exe

Resource

win7-20220812-en

smokeloader backdoor trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

c39bdf652e6adff9831bcfb3fa9e0a420f38850641a45e49767a6202c64ee95c.exe

Resource

win10v2004-20221111-en

smokeloader backdoor trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  c39bdf652e6adff9831bcfb3fa9e0a420f38850641a45e49767a6202c64ee95c.exe
- Size
  
  197KB
- MD5
  
  b003e5021d31ff60e3a105c4cd440ab0
- SHA1
  
  9ed273b0968780f2500372adc2036f8e8ee45c8b
- SHA256
  
  c39bdf652e6adff9831bcfb3fa9e0a420f38850641a45e49767a6202c64ee95c
- SHA512
  
  37ef1868a5cc68dad31707fc98fc8ea7f1219b77467b17ea07523717719cc88b14b4ff0f608e251c90272026a675680e07245db3edc281e9aa63daeb7e29f4a9
- SSDEEP
  
  3072:tjqxs+0JyOa5Cs9eQkTwu6HnrzjMXhJ5hgMhk++7Y0ZdActG:tGyRPs9eQsdsnrzuJ8sj4rAc
Score

10^/10

smokeloader backdoor trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan

© 2018-2025

Terms | Privacy