smokeloader | 68e00e2f71b7ae7c1124426680d387223bdde400865d1c5a6b90b296f7fcc628 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

General

Target

68e00e2f71b7ae7c1124426680d387223bdde400865d1c5a6b90b296f7fcc628
Size

167KB
Sample

230221-maewzsgc5x
MD5

1345f8eb15a6270dc2813925e753f298
SHA1

25bedbfa4934c2d91058a9b1f1d2c2703e7bdc2f
SHA256

68e00e2f71b7ae7c1124426680d387223bdde400865d1c5a6b90b296f7fcc628
SHA512

c1b6e60566d6388d7e656c28afd241a0678666b5efca431ff8d1173631eb511e27877d2047d356ccad1ef38fa3b5ceec958840021d4e580be576e006c7004ded
SSDEEP

3072:UKruHcjlP82XYPNp/3SGuaLkvoqh9WmF4PKSRlL7o15YwKm1kiC4+99zXmUhs5fG:UUuHcmjlp/iGu7v5ePKSjvo1TKmWR4+z

Score

10^/10

smokeloader backdoor trojan

Static task

static1

Behavioral task

behavioral1

Sample

68e00e2f71b7ae7c1124426680d387223bdde400865d1c5a6b90b296f7fcc628.exe

Resource

win10v2004-20230221-en

smokeloader backdoor trojan

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  68e00e2f71b7ae7c1124426680d387223bdde400865d1c5a6b90b296f7fcc628
- Size
  
  167KB
- MD5
  
  1345f8eb15a6270dc2813925e753f298
- SHA1
  
  25bedbfa4934c2d91058a9b1f1d2c2703e7bdc2f
- SHA256
  
  68e00e2f71b7ae7c1124426680d387223bdde400865d1c5a6b90b296f7fcc628
- SHA512
  
  c1b6e60566d6388d7e656c28afd241a0678666b5efca431ff8d1173631eb511e27877d2047d356ccad1ef38fa3b5ceec958840021d4e580be576e006c7004ded
- SSDEEP
  
  3072:UKruHcjlP82XYPNp/3SGuaLkvoqh9WmF4PKSRlL7o15YwKm1kiC4+99zXmUhs5fG:UUuHcmjlp/iGu7v5ePKSjvo1TKmWR4+z
Score

10^/10

smokeloader backdoor trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

© 2018-2024

Terms | Privacy