smokeloader | e787e9b3eb07676a4848cb9ff1dad9a19a5b3aa11a220b2ba3d447ac6680abeb | Triage

Sharing

General

Target

e787e9b3eb07676a4848cb9ff1dad9a19a5b3aa11a220b2ba3d447ac6680abeb
Size

734KB
Sample

240506-267zzaff2z
MD5

0c4cb8fd1e3cc4b42556562d317e6e59
SHA1

8a572e6ef21e54b76cf0b38099c6ca47d607170e
SHA256

e787e9b3eb07676a4848cb9ff1dad9a19a5b3aa11a220b2ba3d447ac6680abeb
SHA512

0b7c6520fe39261743cb6f85a601d9e7306a17e25b1909150a14cd4e31e5c2d9c0faef30effbd1dc1eb1108da53b0f6284d701ce37ab5cef5dbcf9a2f8634652
SSDEEP

12288:dXxKusPyZi+9cn2eIIcXopkUxTBdmEkH1Vmkw8dUfmBpHG9Yg1p8mgNahqYSkjQH:dXxKusaZi+9pI3xl1u1q/fmpnepSzYSr

Score

10^/10

smokeloader pub3 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Targets

- Target
  
  e787e9b3eb07676a4848cb9ff1dad9a19a5b3aa11a220b2ba3d447ac6680abeb
- Size
  
  734KB
- MD5
  
  0c4cb8fd1e3cc4b42556562d317e6e59
- SHA1
  
  8a572e6ef21e54b76cf0b38099c6ca47d607170e
- SHA256
  
  e787e9b3eb07676a4848cb9ff1dad9a19a5b3aa11a220b2ba3d447ac6680abeb
- SHA512
  
  0b7c6520fe39261743cb6f85a601d9e7306a17e25b1909150a14cd4e31e5c2d9c0faef30effbd1dc1eb1108da53b0f6284d701ce37ab5cef5dbcf9a2f8634652
- SSDEEP
  
  12288:dXxKusPyZi+9cn2eIIcXopkUxTBdmEkH1Vmkw8dUfmBpHG9Yg1p8mgNahqYSkjQH:dXxKusaZi+9pI3xl1u1q/fmpnepSzYSr
Score

10^/10

smokeloader pub3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Process Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

smokeloaderpub3backdoortrojan