smokeloader | 9a2654884e63d49ab4c671a281d7bcc6a896feabfd082f68f054ccd9eb82964b | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

9a2654884e63d49ab4c671a281d7bcc6a896feabfd082f68f054ccd9eb82964b
Size

187KB
Sample

230305-ld8g2afe8t
MD5

4df2d55375b6156fb03892293e58ed0b
SHA1

ddac3566ae9fc6e82709b81192bda4a0b93bacc3
SHA256

9a2654884e63d49ab4c671a281d7bcc6a896feabfd082f68f054ccd9eb82964b
SHA512

97b60fbafc87afee15f3eae99e7df583a4af444f98f1e16a16c77f00e77dbc8bca5fbc20d016ed5365244e19e4ba6154b9e5f1172bd9dfd609e59c5d67117f27
SSDEEP

3072:9FuR9iXkB/7uRgvBNF57qvDfeAmRHoLbQ2knG29gFZItJ9/GyclXB9R:sgX0/7u6JNFcb5mRILbQC5rItJclX

Score

10^/10

smokeloader backdoor trojan

Static task

static1

Behavioral task

behavioral1

Sample

9a2654884e63d49ab4c671a281d7bcc6a896feabfd082f68f054ccd9eb82964b.exe

Resource

win10v2004-20230220-en

smokeloader backdoor trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  9a2654884e63d49ab4c671a281d7bcc6a896feabfd082f68f054ccd9eb82964b
- Size
  
  187KB
- MD5
  
  4df2d55375b6156fb03892293e58ed0b
- SHA1
  
  ddac3566ae9fc6e82709b81192bda4a0b93bacc3
- SHA256
  
  9a2654884e63d49ab4c671a281d7bcc6a896feabfd082f68f054ccd9eb82964b
- SHA512
  
  97b60fbafc87afee15f3eae99e7df583a4af444f98f1e16a16c77f00e77dbc8bca5fbc20d016ed5365244e19e4ba6154b9e5f1172bd9dfd609e59c5d67117f27
- SSDEEP
  
  3072:9FuR9iXkB/7uRgvBNF57qvDfeAmRHoLbQ2knG29gFZItJ9/GyclXB9R:sgX0/7u6JNFcb5mRILbQC5rItJclX
Score

10^/10

smokeloader backdoor trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

© 2018-2025

Terms | Privacy