smokeloader | 13f9ac6e33d48265ffd25ab2771999227fb5d62bda69ef703bb03a731d931228 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

4ebbc65cd3...e0.exe

windows7-x64

4ebbc65cd3...e0.exe

windows10-2004-x64

Sharing

General

Target

e3cc54e5d99715a303d8d1f132d41b74.bin
Size

131KB
Sample

230217-b4865scg3t
MD5

7e16bde64b88a27df40e2f2496a86022
SHA1

a3bb001d77e8fb79c1d77f9475a081057e2a04b4
SHA256

13f9ac6e33d48265ffd25ab2771999227fb5d62bda69ef703bb03a731d931228
SHA512

fdfb14335b864ff6f8a2057f75c336e69f60f66a3d437b3979c60f398aff9a939531d2164cf0037d95986a44b471de029b51b07c53f98490b56f1ae8bc70959a
SSDEEP

3072:gyrwcmzzPdJmhsbKQUGWVaGCkvBtbsFl/AU3j/JNE2qX6oAURPS1SOygD:gT6h2KjykvDsFfzBO6oFRPS1ryO

Score

10^/10

smokeloader backdoor trojan

Static task

static1

Behavioral task

behavioral1

Sample

4ebbc65cd30575e8038548f3c177561effa9a09c53eb3d48378dbc9c02424de0.exe

Resource

win7-20220812-en

smokeloader backdoor trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

4ebbc65cd30575e8038548f3c177561effa9a09c53eb3d48378dbc9c02424de0.exe

Resource

win10v2004-20221111-en

smokeloader backdoor trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  4ebbc65cd30575e8038548f3c177561effa9a09c53eb3d48378dbc9c02424de0.exe
- Size
  
  189KB
- MD5
  
  e3cc54e5d99715a303d8d1f132d41b74
- SHA1
  
  07446a740b9efe1e9f435f4fed17279764ccc27a
- SHA256
  
  4ebbc65cd30575e8038548f3c177561effa9a09c53eb3d48378dbc9c02424de0
- SHA512
  
  be61efcb91ed7cfe9576dd4eeb6aa3d85ff98bf9d2520724990985d41d3e0be4d6cdeffaf2131e49520befb85238f8a8243150a67d829a612cd2aa36b212a9de
- SSDEEP
  
  3072:MHu4cC9ZyKds25YwFfzeefYucmYv6ueIRXp+Q6aaaauDUW:mVcCyKdsskefArX+Q6aaaa
Score

10^/10

smokeloader backdoor trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan

© 2018-2025

Terms | Privacy