smokeloader | 2ffefd6d6a9cdc3be6af8668ef70bda18a8bdf2f177dc2e1dfcd97fa24d6fcd0 | Triage

Sharing

General

Target

2ffefd6d6a9cdc3be6af8668ef70bda18a8bdf2f177dc2e1dfcd97fa24d6fcd0.exe
Size

200KB
Sample

240821-br1z1axanj
MD5

ca142bb5991938bc98768c2a19169ff2
SHA1

8c7a08db467b6908199cb79a61ef776b9db366d8
SHA256

2ffefd6d6a9cdc3be6af8668ef70bda18a8bdf2f177dc2e1dfcd97fa24d6fcd0
SHA512

5a3d930da9d36212831cf6630ddcf78224dd3cf2a5e4e42de7dbf90a0ffd38acf0afe7ec2f444871b410444c112109c5fbde68526028d34aeca8dbd6c436535d
SSDEEP

3072:dmL2ebTfn3p1G10Jg57zYcZSrOBP15bO4:dmL2ebT/51GeAsqA4

Score

10^/10

smokeloader pub2 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Targets

- Target
  
  2ffefd6d6a9cdc3be6af8668ef70bda18a8bdf2f177dc2e1dfcd97fa24d6fcd0.exe
- Size
  
  200KB
- MD5
  
  ca142bb5991938bc98768c2a19169ff2
- SHA1
  
  8c7a08db467b6908199cb79a61ef776b9db366d8
- SHA256
  
  2ffefd6d6a9cdc3be6af8668ef70bda18a8bdf2f177dc2e1dfcd97fa24d6fcd0
- SHA512
  
  5a3d930da9d36212831cf6630ddcf78224dd3cf2a5e4e42de7dbf90a0ffd38acf0afe7ec2f444871b410444c112109c5fbde68526028d34aeca8dbd6c436535d
- SSDEEP
  
  3072:dmL2ebTfn3p1G10Jg57zYcZSrOBP15bO4:dmL2ebT/51GeAsqA4
Score

10^/10

smokeloader pub2 backdoor trojan discovery
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub2backdoortrojan

behavioral2

smokeloaderpub2backdoordiscoverytrojan