smokeloader | 4b27fd5c70588d922a25f658f35d5c5d3e0085ba88d9bb9b25746c52b2b58e59 | Triage

Sharing

General

Target

4b27fd5c70588d922a25f658f35d5c5d3e0085ba88d9bb9b25746c52b2b58e59
Size

975KB
Sample

240820-zt42fatakg
MD5

c10cc05f3b3d59c92b1ae9cd99246cb8
SHA1

cea0bad5af7ab2ea03da693f3857b65a46dab466
SHA256

4b27fd5c70588d922a25f658f35d5c5d3e0085ba88d9bb9b25746c52b2b58e59
SHA512

6c376226cfab1ecabb37da2905ef902fa330a82a9e242114b3a431272dab4bd2166ec86a1ec3082656639307c4d1c9f5e697f30806c5ff9d6b6784e47004ad26
SSDEEP

12288:v+MGl+GaMWxv1rA69EqPo3La38yUhsGdxZ66ciFOFKXz9BUal9pU9b9JfyV0RSbq:JGaMsv1r7D6Lasya6pFyBUmU9nu1b9s

Score

10^/10

smokeloader backdoor discovery trojan

Malware Config

Targets

- Target
  
  4b27fd5c70588d922a25f658f35d5c5d3e0085ba88d9bb9b25746c52b2b58e59
- Size
  
  975KB
- MD5
  
  c10cc05f3b3d59c92b1ae9cd99246cb8
- SHA1
  
  cea0bad5af7ab2ea03da693f3857b65a46dab466
- SHA256
  
  4b27fd5c70588d922a25f658f35d5c5d3e0085ba88d9bb9b25746c52b2b58e59
- SHA512
  
  6c376226cfab1ecabb37da2905ef902fa330a82a9e242114b3a431272dab4bd2166ec86a1ec3082656639307c4d1c9f5e697f30806c5ff9d6b6784e47004ad26
- SSDEEP
  
  12288:v+MGl+GaMWxv1rA69EqPo3La38yUhsGdxZ66ciFOFKXz9BUal9pU9b9JfyV0RSbq:JGaMsv1r7D6Lasya6pFyBUmU9nu1b9s
Score

10^/10

smokeloader backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoordiscoverytrojan

behavioral2

smokeloaderbackdoordiscoverytrojan