smokeloader | d522a2afd51e06415121bdb9086b1184203f2d102d5e11f105942384a0fe6926 | Triage

Sharing

General

Target

d522a2afd51e06415121bdb9086b1184203f2d102d5e11f105942384a0fe6926
Size

252KB
Sample

230217-bh2j6scf2s
MD5

67e18e5dba3b7af185f1f5f555727f2a
SHA1

d927f201c3f52341624da9414f4efdec1dbe191c
SHA256

d522a2afd51e06415121bdb9086b1184203f2d102d5e11f105942384a0fe6926
SHA512

ba03f854cf2753200d950a40b1b7af800efccf2fa28e7cb68b4913053095273ba73902b3bddd89aca3ba496b52e1fa9f921b75a6209d03911d185bbfef32eec6
SSDEEP

3072:CbQnrBNL1pE1GBhboo4g0xg4nCmoiTq+G90xHHPV0v:0YrjLUGJv0tnCmRTW4HHK

Score

10^/10

smokeloader backdoor trojan

Malware Config

Targets

- Target
  
  d522a2afd51e06415121bdb9086b1184203f2d102d5e11f105942384a0fe6926
- Size
  
  252KB
- MD5
  
  67e18e5dba3b7af185f1f5f555727f2a
- SHA1
  
  d927f201c3f52341624da9414f4efdec1dbe191c
- SHA256
  
  d522a2afd51e06415121bdb9086b1184203f2d102d5e11f105942384a0fe6926
- SHA512
  
  ba03f854cf2753200d950a40b1b7af800efccf2fa28e7cb68b4913053095273ba73902b3bddd89aca3ba496b52e1fa9f921b75a6209d03911d185bbfef32eec6
- SSDEEP
  
  3072:CbQnrBNL1pE1GBhboo4g0xg4nCmoiTq+G90xHHPV0v:0YrjLUGJv0tnCmRTW4HHK
Score

10^/10

smokeloader backdoor trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Uses the VBS compiler for execution
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Web Service

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan