smokeloader | df57c3724ad8e3a8794ba2f1fa0ba7929fda8a9f4a213246990233efeea9d550 | Triage

Sharing

General

Target

df57c3724ad8e3a8794ba2f1fa0ba7929fda8a9f4a213246990233efeea9d550
Size

332KB
Sample

240826-empyqatfka
MD5

668fb280ebd65c98b8a5177c729befd9
SHA1

3fb36c6cce744ffbbc445a7937541f04ed2daf93
SHA256

df57c3724ad8e3a8794ba2f1fa0ba7929fda8a9f4a213246990233efeea9d550
SHA512

0ac64338c9f34dcf5dfcd060b079b5e8171cb2784679bbf7da3dafb6476f6fd5de7c355a7029e2495bb524127998f2b8f1c7088919d47bd38901ecb2569c7d98
SSDEEP

3072:UqfeM3WhbEkyJiOMAnX9F+edgqrm2NNQhn51Eeuk6Fk8gCTChVb0dc/sTWCHAV+3:/fehbZbeSqrmONaQ+eGhBkywAV+8

Score

10^/10

smokeloader 0504 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

0504

Targets

- Target
  
  df57c3724ad8e3a8794ba2f1fa0ba7929fda8a9f4a213246990233efeea9d550
- Size
  
  332KB
- MD5
  
  668fb280ebd65c98b8a5177c729befd9
- SHA1
  
  3fb36c6cce744ffbbc445a7937541f04ed2daf93
- SHA256
  
  df57c3724ad8e3a8794ba2f1fa0ba7929fda8a9f4a213246990233efeea9d550
- SHA512
  
  0ac64338c9f34dcf5dfcd060b079b5e8171cb2784679bbf7da3dafb6476f6fd5de7c355a7029e2495bb524127998f2b8f1c7088919d47bd38901ecb2569c7d98
- SSDEEP
  
  3072:UqfeM3WhbEkyJiOMAnX9F+edgqrm2NNQhn51Eeuk6Fk8gCTChVb0dc/sTWCHAV+3:/fehbZbeSqrmONaQ+eGhBkywAV+8
Score

10^/10

smokeloader 0504 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloader0504backdoordiscoverytrojan

behavioral2

smokeloader0504backdoordiscoverytrojan