smokeloader | 1ffcdc195a2acafeb4b5536ce0ea979300ea11bcc88b7abd4e5d4445d6c0f03c | Triage

Sharing

General

Target

1ffcdc195a2acafeb4b5536ce0ea979300ea11bcc88b7abd4e5d4445d6c0f03c
Size

791KB
Sample

240516-2qv1gace52
MD5

36a24042ecbdb8cbf508137cc84bfe62
SHA1

5cf17f4abcb523174c610b0c9c9aae3ec3dca52f
SHA256

1ffcdc195a2acafeb4b5536ce0ea979300ea11bcc88b7abd4e5d4445d6c0f03c
SHA512

2572c7c064c08c048bb57ece6b01b7ec0d36971e0e06d6e3e4a22e537a9d20014147272a2564214065a3f3193b46ddb4394308afcbd766d2f3d44d5519b62703
SSDEEP

12288:sfNwqNa1t9Ylqb9avl+EkfTB8wM/ryV/D51lmSZ1puSKblZZZYLRkJ1yIZ1/c54m:kN1NM939akEk7B34oV1NpZwZZZQkpEOi

Score

10^/10

smokeloader pub3 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Targets

- Target
  
  1ffcdc195a2acafeb4b5536ce0ea979300ea11bcc88b7abd4e5d4445d6c0f03c
- Size
  
  791KB
- MD5
  
  36a24042ecbdb8cbf508137cc84bfe62
- SHA1
  
  5cf17f4abcb523174c610b0c9c9aae3ec3dca52f
- SHA256
  
  1ffcdc195a2acafeb4b5536ce0ea979300ea11bcc88b7abd4e5d4445d6c0f03c
- SHA512
  
  2572c7c064c08c048bb57ece6b01b7ec0d36971e0e06d6e3e4a22e537a9d20014147272a2564214065a3f3193b46ddb4394308afcbd766d2f3d44d5519b62703
- SSDEEP
  
  12288:sfNwqNa1t9Ylqb9avl+EkfTB8wM/ryV/D51lmSZ1puSKblZZZYLRkJ1yIZ1/c54m:kN1NM939akEk7B34oV1NpZwZZZQkpEOi
Score

10^/10

smokeloader pub3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Process Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

smokeloaderpub3backdoortrojan