smokeloader | 9fe2f22ddcc6dc5dee230c6df02c24bada60c299994b6b19286ec55e1290675b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9fe2f22ddcc6dc5dee230c6df02c24bada60c299994b6b19286ec55e1290675b
Size

193KB
Sample

230215-d1xp2shh73
MD5

955226b512ca0f7eed2e9cbcbb426b5f
SHA1

dedb3a694680d09945ed510a37999fae02c2ad0b
SHA256

9fe2f22ddcc6dc5dee230c6df02c24bada60c299994b6b19286ec55e1290675b
SHA512

f733d7885af68c6dcfdd987f6da913647f1db27701a13853bb3e533e3d1f451c1e9548f6655aac6d3870216a3d798aa6d21b5f9136fd703acb0bf3e22e546e5a
SSDEEP

3072:rhNoc+LSCON5aeuY2n15TZvY1EZbsIQ/K9rpqmbCIfm9EHVW4k:qLvOaHYg1VVgE8/K9omAEHVRk

Score

10^/10

smokeloader backdoor trojan

Malware Config

Targets

- Target
  
  9fe2f22ddcc6dc5dee230c6df02c24bada60c299994b6b19286ec55e1290675b
- Size
  
  193KB
- MD5
  
  955226b512ca0f7eed2e9cbcbb426b5f
- SHA1
  
  dedb3a694680d09945ed510a37999fae02c2ad0b
- SHA256
  
  9fe2f22ddcc6dc5dee230c6df02c24bada60c299994b6b19286ec55e1290675b
- SHA512
  
  f733d7885af68c6dcfdd987f6da913647f1db27701a13853bb3e533e3d1f451c1e9548f6655aac6d3870216a3d798aa6d21b5f9136fd703acb0bf3e22e546e5a
- SSDEEP
  
  3072:rhNoc+LSCON5aeuY2n15TZvY1EZbsIQ/K9rpqmbCIfm9EHVW4k:qLvOaHYg1VVgE8/K9omAEHVRk
Score

10^/10

smokeloader backdoor trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan