smokeloader | 2d4bc3995ac6cabd9bb82cbc3d641a9a4f81001972679ae6d640ab060b851632 | Triage

Sharing

General

Target

2d4bc3995ac6cabd9bb82cbc3d641a9a4f81001972679ae6d640ab060b851632
Size

742KB
Sample

240516-2tjfvacg25
MD5

d62de46b4abcf94cee625f9ca08ecbfc
SHA1

4fec25eaa32fc2988849e1e5265cfe2d5bf4c1b5
SHA256

2d4bc3995ac6cabd9bb82cbc3d641a9a4f81001972679ae6d640ab060b851632
SHA512

663342b65093a1993217b06d2e042e16472a344a9267cd3eb8fd5992f8be9a0249df180986246d5ddc9bd71cc5310be9a8d954c6d1a219e79858b455891bf97d
SSDEEP

12288:5Xd4o7Q9X2xTQ3gDKj4SvH+IqmAKt+fHegCqXXahtjjHwkaadBY:5Xd4aQMkwDKcSPBP8xC0X+jj5Y

Score

10^/10

smokeloader pub3 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Targets

- Target
  
  2d4bc3995ac6cabd9bb82cbc3d641a9a4f81001972679ae6d640ab060b851632
- Size
  
  742KB
- MD5
  
  d62de46b4abcf94cee625f9ca08ecbfc
- SHA1
  
  4fec25eaa32fc2988849e1e5265cfe2d5bf4c1b5
- SHA256
  
  2d4bc3995ac6cabd9bb82cbc3d641a9a4f81001972679ae6d640ab060b851632
- SHA512
  
  663342b65093a1993217b06d2e042e16472a344a9267cd3eb8fd5992f8be9a0249df180986246d5ddc9bd71cc5310be9a8d954c6d1a219e79858b455891bf97d
- SSDEEP
  
  12288:5Xd4o7Q9X2xTQ3gDKj4SvH+IqmAKt+fHegCqXXahtjjHwkaadBY:5Xd4aQMkwDKcSPBP8xC0X+jj5Y
Score

10^/10

smokeloader pub3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Process Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

smokeloaderpub3backdoortrojan