smokeloader | ac8c8fb1944db297b82995c4d13648d2d7c3884d59a033c8c14db845597eef6c | Triage

Sharing

General

Target

ac8c8fb1944db297b82995c4d13648d2d7c3884d59a033c8c14db845597eef6c
Size

227KB
Sample

240727-egn48swbnp
MD5

c6a9ab6339f8617d18f8966aa1359f34
SHA1

67ffa3bb4d7ef16fb9685702e06c9910a369f74f
SHA256

ac8c8fb1944db297b82995c4d13648d2d7c3884d59a033c8c14db845597eef6c
SHA512

3df1613df775229d9cfba5863afddf9f427f1eee985274e81f9725e1ca3ec04c6c1f68e5533946a55fcbcc117d7fe5df11aa5ac1e20975ea6ca213c04769a6f8
SSDEEP

3072:LCVuay93ub/RkG7Q9UHdwYkPcCdMG/vWN4qQOzL1yzErKpM:Ocay93G/RkG7Q95kCdmCVOlyzErK

Score

10^/10

smokeloader pub1 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Targets

- Target
  
  ac8c8fb1944db297b82995c4d13648d2d7c3884d59a033c8c14db845597eef6c
- Size
  
  227KB
- MD5
  
  c6a9ab6339f8617d18f8966aa1359f34
- SHA1
  
  67ffa3bb4d7ef16fb9685702e06c9910a369f74f
- SHA256
  
  ac8c8fb1944db297b82995c4d13648d2d7c3884d59a033c8c14db845597eef6c
- SHA512
  
  3df1613df775229d9cfba5863afddf9f427f1eee985274e81f9725e1ca3ec04c6c1f68e5533946a55fcbcc117d7fe5df11aa5ac1e20975ea6ca213c04769a6f8
- SSDEEP
  
  3072:LCVuay93ub/RkG7Q9UHdwYkPcCdMG/vWN4qQOzL1yzErKpM:Ocay93G/RkG7Q95kCdmCVOlyzErK
Score

10^/10

smokeloader pub1 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

smokeloaderpub1backdoordiscoverytrojan

behavioral2

smokeloaderpub1backdoordiscoverytrojan