smokeloader | 9719eb8b2eca4197d63e09c1939144931ca6485338baee6b281ee2745c1793c8 | Triage

Sharing

General

Target

9719eb8b2eca4197d63e09c1939144931ca6485338baee6b281ee2745c1793c8
Size

726KB
Sample

240519-gflzlada5z
MD5

8e0d41311b2270061c6bcd1e69600f0a
SHA1

f7089dc2c43021c3619737b50d59681569a4b220
SHA256

9719eb8b2eca4197d63e09c1939144931ca6485338baee6b281ee2745c1793c8
SHA512

668e7c567584192a780a6ca798335e4d17717aac777e324f3ca3a17f9d368afd509c1a28400cdf56d8a2d15fd6b5d528f32c714d8aa5b740641d6a66dfc7ce48
SSDEEP

12288:jjp2zZNUptE4Nqfzqk8Bx9SMb5EPL86xImlKk4jue3p+JJD4b/YiFfDBKNcXDaTh:4zZNUptE4MfGk8B35286+k4p+JaYiZVS

Score

10^/10

smokeloader pub1 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Targets

- Target
  
  9719eb8b2eca4197d63e09c1939144931ca6485338baee6b281ee2745c1793c8
- Size
  
  726KB
- MD5
  
  8e0d41311b2270061c6bcd1e69600f0a
- SHA1
  
  f7089dc2c43021c3619737b50d59681569a4b220
- SHA256
  
  9719eb8b2eca4197d63e09c1939144931ca6485338baee6b281ee2745c1793c8
- SHA512
  
  668e7c567584192a780a6ca798335e4d17717aac777e324f3ca3a17f9d368afd509c1a28400cdf56d8a2d15fd6b5d528f32c714d8aa5b740641d6a66dfc7ce48
- SSDEEP
  
  12288:jjp2zZNUptE4Nqfzqk8Bx9SMb5EPL86xImlKk4jue3p+JJD4b/YiFfDBKNcXDaTh:4zZNUptE4MfGk8B35286+k4p+JaYiZVS
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Process Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan

behavioral2

smokeloaderpub1backdoortrojan