smokeloader | 6608c17499d7212c1c8f4450a2c6fec8627f8a0f1f7015dab5920b271696c84b | Triage

Sharing

General

Target

2a85c580c3b709fea4c0f7c469703070N.exe
Size

208KB
Sample

240824-11fsvsscpb
MD5

2a85c580c3b709fea4c0f7c469703070
SHA1

5028450b3a79bd3d8523e976c3ef72c5d63d8323
SHA256

6608c17499d7212c1c8f4450a2c6fec8627f8a0f1f7015dab5920b271696c84b
SHA512

dbdb4bc070d7d92ba03990699fd5984d47e92987f1f37655301475dc3a1d8ddf7af8e99901d537fa569562f727b888e75bbcb12d405d5b4259e540c62b276ef0
SSDEEP

3072:O/xUH0ywakB4VvLqOoOflq15iJiShvOX20c19P4JzVbdA45j86AT9R0uSk:O/xUgakB4VvLqzukgwc114ZVX8530j

Score

10^/10

smokeloader pub4 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub4

Targets

- Target
  
  2a85c580c3b709fea4c0f7c469703070N.exe
- Size
  
  208KB
- MD5
  
  2a85c580c3b709fea4c0f7c469703070
- SHA1
  
  5028450b3a79bd3d8523e976c3ef72c5d63d8323
- SHA256
  
  6608c17499d7212c1c8f4450a2c6fec8627f8a0f1f7015dab5920b271696c84b
- SHA512
  
  dbdb4bc070d7d92ba03990699fd5984d47e92987f1f37655301475dc3a1d8ddf7af8e99901d537fa569562f727b888e75bbcb12d405d5b4259e540c62b276ef0
- SSDEEP
  
  3072:O/xUH0ywakB4VvLqOoOflq15iJiShvOX20c19P4JzVbdA45j86AT9R0uSk:O/xUgakB4VvLqzukgwc114ZVX8530j
Score

10^/10

smokeloader pub4 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub4backdoordiscoverytrojan

behavioral2

smokeloaderpub4backdoordiscoverytrojan