smokeloader | f913881084275fdf37d38f6f06f1f9a5261bac9445fd372bed0c3fdefd346321 | Triage

Sharing

General

Target

f913881084275fdf37d38f6f06f1f9a5261bac9445fd372bed0c3fdefd346321
Size

202KB
Sample

240826-fthnnaybrn
MD5

1bd596b82beeb72ce67b7c528644f1c5
SHA1

aa30ecd4ae8f4905247c7c2adcf0000154408cd6
SHA256

f913881084275fdf37d38f6f06f1f9a5261bac9445fd372bed0c3fdefd346321
SHA512

fd867293f700bfd50547be13389b69ac1c1464bd88e564f2180206c00c6a0280a3737d01d9158ef03174edaab9ea20b408deb2aad611ce96655c1517340e83c2
SSDEEP

3072:riOG+sRZLZwGINvRwYMczT+gE3sY5PDFvp7d57d7zS10mdGh4:ruRZL7yvRwoTjE3DZH57dfNmdR

Score

10^/10

smokeloader pub4 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub4

Targets

- Target
  
  f913881084275fdf37d38f6f06f1f9a5261bac9445fd372bed0c3fdefd346321
- Size
  
  202KB
- MD5
  
  1bd596b82beeb72ce67b7c528644f1c5
- SHA1
  
  aa30ecd4ae8f4905247c7c2adcf0000154408cd6
- SHA256
  
  f913881084275fdf37d38f6f06f1f9a5261bac9445fd372bed0c3fdefd346321
- SHA512
  
  fd867293f700bfd50547be13389b69ac1c1464bd88e564f2180206c00c6a0280a3737d01d9158ef03174edaab9ea20b408deb2aad611ce96655c1517340e83c2
- SSDEEP
  
  3072:riOG+sRZLZwGINvRwYMczT+gE3sY5PDFvp7d57d7zS10mdGh4:ruRZL7yvRwoTjE3DZH57dfNmdR
Score

10^/10

smokeloader pub4 backdoor trojan discovery
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub4backdoortrojan

behavioral2

smokeloaderpub4backdoordiscoverytrojan