smokeloader | 7e97e6e6ccae12c62ee828a165fc3c0945026440716621d90abc77a1f7fc5c62 | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

7e97e6e6ccae12c62ee828a165fc3c0945026440716621d90abc77a1f7fc5c62
Size

1.3MB
Sample

240725-1dm9eswcml
MD5

bd872ba52ce39a98cafeb40929e262a5
SHA1

3e07fd75182b19df884e838efcbae0b4d7303dd4
SHA256

7e97e6e6ccae12c62ee828a165fc3c0945026440716621d90abc77a1f7fc5c62
SHA512

d0a35363007737631ed34a52e4cc1181f46fbe96177e360bd70bfc931546758e5e8088d02fd09cdc54c41ba524ab1264db05d4ff3455949bb73265b103f859d3
SSDEEP

24576:SRPuEL3DiXwK5FN3fiVcsR5jUSrPCzqNz1TL4kGT3nYaBZ2iUP:SRGELD81FNycsR542VpTL4k6Y9R

Score

10^/10

smokeloader backdoor discovery trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

7e97e6e6ccae12c62ee828a165fc3c0945026440716621d90abc77a1f7fc5c62.exe

Resource

win10v2004-20240709-en

smokeloader backdoor discovery trojan

windows10-2004-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

7e97e6e6ccae12c62ee828a165fc3c0945026440716621d90abc77a1f7fc5c62.exe

Resource

win11-20240709-en

smokeloader backdoor discovery trojan

windows11-21h2-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  7e97e6e6ccae12c62ee828a165fc3c0945026440716621d90abc77a1f7fc5c62
- Size
  
  1.3MB
- MD5
  
  bd872ba52ce39a98cafeb40929e262a5
- SHA1
  
  3e07fd75182b19df884e838efcbae0b4d7303dd4
- SHA256
  
  7e97e6e6ccae12c62ee828a165fc3c0945026440716621d90abc77a1f7fc5c62
- SHA512
  
  d0a35363007737631ed34a52e4cc1181f46fbe96177e360bd70bfc931546758e5e8088d02fd09cdc54c41ba524ab1264db05d4ff3455949bb73265b103f859d3
- SSDEEP
  
  24576:SRPuEL3DiXwK5FN3fiVcsR5jUSrPCzqNz1TL4kGT3nYaBZ2iUP:SRGELD81FNycsR542VpTL4k6Y9R
Score

10^/10

smokeloader backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

smokeloaderbackdoordiscoverytrojan

behavioral2

smokeloaderbackdoordiscoverytrojan

© 2018-2024

Terms | Privacy