smokeloader | 397b7c861f15fae570afabc79246f970458526d728b9e564e329e662bfcf8153 | Triage

Sharing

General

Target

397b7c861f15fae570afabc79246f970458526d728b9e564e329e662bfcf8153
Size

337KB
Sample

240823-ys2dgstcke
MD5

09a3791119e544010c72ef80930faaa7
SHA1

c0175cde31c5f9183deeead0f7976834cc642783
SHA256

397b7c861f15fae570afabc79246f970458526d728b9e564e329e662bfcf8153
SHA512

40bf4a3b088f36866cbe288cd0a5abfadd8d3a042ff29f0ca6bd8e0e6f6f13e32aeeb55f197f2088e89d89eaa1875f4b43f81cc208314c78a7243f520e6ecb1a
SSDEEP

6144:+1eDLOVvtIFILo0o2VE7wozsLiTDdL4eM1ktT93Mhj:+1MOVv0Im2V6wzSdL4eWktTg

Score

10^/10

smokeloader 0604 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

0604

Targets

- Target
  
  397b7c861f15fae570afabc79246f970458526d728b9e564e329e662bfcf8153
- Size
  
  337KB
- MD5
  
  09a3791119e544010c72ef80930faaa7
- SHA1
  
  c0175cde31c5f9183deeead0f7976834cc642783
- SHA256
  
  397b7c861f15fae570afabc79246f970458526d728b9e564e329e662bfcf8153
- SHA512
  
  40bf4a3b088f36866cbe288cd0a5abfadd8d3a042ff29f0ca6bd8e0e6f6f13e32aeeb55f197f2088e89d89eaa1875f4b43f81cc208314c78a7243f520e6ecb1a
- SSDEEP
  
  6144:+1eDLOVvtIFILo0o2VE7wozsLiTDdL4eM1ktT93Mhj:+1MOVv0Im2V6wzSdL4eWktTg
Score

10^/10

smokeloader 0604 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloader0604backdoordiscoverytrojan

behavioral2

smokeloader0604backdoordiscoverytrojan