smokeloader | 5973dedbf533fbeb4e128cbd54826186981653db4567cbf6c6a3ccc304a89acd | Triage

Sharing

General

Target

5973dedbf533fbeb4e128cbd54826186981653db4567cbf6c6a3ccc304a89acd
Size

253KB
Sample

230217-d3rltada81
MD5

a76938c60df194dc3effdb39bc4521f4
SHA1

3b09c1b30bbcece23520f585711956cf21c8b6db
SHA256

5973dedbf533fbeb4e128cbd54826186981653db4567cbf6c6a3ccc304a89acd
SHA512

895f053d7e377f57031afb149ddce701d629ca524a9c6e22953795f991840f9552bcf58fd184671987d678438faecb6e6894fd4e22e925ebc1104ef87b3fd52d
SSDEEP

3072:abzC/0KnL2pENOyboo4g3OVkV5O8Ha6Ud041FoWckhPBIjzn7NSC6OHPVCuNv:MG/0ILJOkvaKws41jck8fFHf

Score

10^/10

smokeloader backdoor trojan

Malware Config

Targets

- Target
  
  5973dedbf533fbeb4e128cbd54826186981653db4567cbf6c6a3ccc304a89acd
- Size
  
  253KB
- MD5
  
  a76938c60df194dc3effdb39bc4521f4
- SHA1
  
  3b09c1b30bbcece23520f585711956cf21c8b6db
- SHA256
  
  5973dedbf533fbeb4e128cbd54826186981653db4567cbf6c6a3ccc304a89acd
- SHA512
  
  895f053d7e377f57031afb149ddce701d629ca524a9c6e22953795f991840f9552bcf58fd184671987d678438faecb6e6894fd4e22e925ebc1104ef87b3fd52d
- SSDEEP
  
  3072:abzC/0KnL2pENOyboo4g3OVkV5O8Ha6Ud041FoWckhPBIjzn7NSC6OHPVCuNv:MG/0ILJOkvaKws41jck8fFHf
Score

10^/10

smokeloader backdoor trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Uses the VBS compiler for execution
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Web Service

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan