smokeloader | 078f586ebb8a22305540fb5982b2521f1b82e4317f286e13bab680fff0a9d164 | Triage

Resubmissions

25-04-2024 18:41

240425-xbtfwade97 10

23-02-2024 00:25

240223-aqsrkahd35 10

22-02-2024 20:52

240222-znqxmafa7x 10

22-02-2024 17:28

240222-v17zfsdd86 10

22-02-2024 17:13

240222-vrss6sdc92 10

22-02-2024 17:01

240222-vjm8qadc33 10

22-02-2024 15:57

240222-ted9ksce55 10

Sharing

General

Target

6958ACC382E71103A0B83D20BBBB37D2.exe
Size

232KB
Sample

240425-xbtfwade97
MD5

6958acc382e71103a0b83d20bbbb37d2
SHA1

65bf64dfcabf7bc83e47ffc4360cda022d4dab34
SHA256

078f586ebb8a22305540fb5982b2521f1b82e4317f286e13bab680fff0a9d164
SHA512

ebfa8b6986630b3502409d38cdff54881e4bce48511c7ba4f027345296c29708112c19ec6c9181c4b0188fa1f5cbe17b3c5d44dc07f33858323c677ef9caaeae
SSDEEP

3072:FdfbYSFlTBL/A9OYh6++4hY7gfv9yPQxAVUmZAzsqvj1letKv/jbNRKCnrQbW:PbYSFH/AYYh9vERVUmSAQj1la9

Score

10^/10

smokeloader tfd5 backdoor persistence trojan upx

Malware Config

Extracted

Family

smokeloader

Botnet

tfd5

Targets

- Target
  
  6958ACC382E71103A0B83D20BBBB37D2.exe
- Size
  
  232KB
- MD5
  
  6958acc382e71103a0b83d20bbbb37d2
- SHA1
  
  65bf64dfcabf7bc83e47ffc4360cda022d4dab34
- SHA256
  
  078f586ebb8a22305540fb5982b2521f1b82e4317f286e13bab680fff0a9d164
- SHA512
  
  ebfa8b6986630b3502409d38cdff54881e4bce48511c7ba4f027345296c29708112c19ec6c9181c4b0188fa1f5cbe17b3c5d44dc07f33858323c677ef9caaeae
- SSDEEP
  
  3072:FdfbYSFlTBL/A9OYh6++4hY7gfv9yPQxAVUmZAzsqvj1letKv/jbNRKCnrQbW:PbYSFH/AYYh9vERVUmSAQj1la9
Score

10^/10

smokeloader tfd5 backdoor persistence trojan upx
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloadertfd5backdoorpersistencetrojanupx