smokeloader | ee34d9e169ae3453ca6d4281688790d1bf7c70c028cf95c11ef3a022df6ab7dd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8d0be4a59646b05eddd1523bcec11a6189320c2e3d826e1d0c4afd7219f719cf
Size

139KB
Sample

230215-j6md6aah92
MD5

b7e733356d445e4030c5f28ccff20333
SHA1

5ccb61a428eb49dd97bf5d02af227a1b8e882d1a
SHA256

ee34d9e169ae3453ca6d4281688790d1bf7c70c028cf95c11ef3a022df6ab7dd
SHA512

1fb66e2acaae5d0711b79de2f2ac7ef7b73e3939716689abe61a812dfd4dd9c88e8423b54b98d80087102e0aab00bd55470c0f406798947c2a4094e5c8ee1f08
SSDEEP

3072:OVmMcP1azWLDAJvdAe5dgRzam3s/N/zeWS9fAMzLE0oAQM8x+rUg2H:O0tCoyOeURzpc/N/gfAYJQBrj

Score

10^/10

smokeloader backdoor trojan

Malware Config

Targets

- Target
  
  8d0be4a59646b05eddd1523bcec11a6189320c2e3d826e1d0c4afd7219f719cf
- Size
  
  193KB
- MD5
  
  00b11743b1d6c9babf479b7a028d26a8
- SHA1
  
  2f55cc18c4afc152ce876c9163b388a49ae86ada
- SHA256
  
  8d0be4a59646b05eddd1523bcec11a6189320c2e3d826e1d0c4afd7219f719cf
- SHA512
  
  f3e909aa322cb2322dcda1cf7eea2e0cf1b6b02df2416397e66482fd618f2c497b1e70fb163b4a13cc3660d0a107f87d9fcf5963da3a394464b8927344fa3a86
- SSDEEP
  
  3072:vjNIjmLt5zqz5aejIDiCL7fOhoeWS9fAMzLE05IaihOPusa:9LnqsHiCLmNfAYKn
Score

10^/10

smokeloader backdoor trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan