smokeloader | 4d1c2e09c824359228e2fd39a16fac711956190f86790b74ff856a46b12520c1 | Triage

Sharing

General

Target

Transaction_Ref_26082024_jpg.zip
Size

413KB
Sample

240826-tycj4avdlp
MD5

2197e29e2812785dfeb342a1ad095324
SHA1

a76f87a29c5f20be2a17c4cdc94458d7b7bc1279
SHA256

4d1c2e09c824359228e2fd39a16fac711956190f86790b74ff856a46b12520c1
SHA512

41b00e4fc47eef7be8d09461e2f8b0abd56ceba95a458824264d860bf679f2a7c18df071e5527bf7f651d068cf78e7499b527fce43df37e59c7a7f2b0b6b45e7
SSDEEP

12288:tE9N70KoPqfMYSPqc/5DRhiGVjBCWuHb4RO:tE9NYVMMY8qc/5DFOHb4o

Score

10^/10

smokeloader backdoor discovery trojan

Malware Config

Targets

- Target
  
  Transaction_Ref_26082024_jpg.scr
- Size
  
  469KB
- MD5
  
  793a58e683a54d24d3c6bae96df29d65
- SHA1
  
  09e7bdc6a52fa3290fa7e9ee0471c0d1e445a2ce
- SHA256
  
  80f14f5249c49d21ea607b34fa793d523e03acda8298b1ab1ae8a3d55428c6ce
- SHA512
  
  f9d6a7d6bdcdfcc3507c55de2e2273e8681f5e8002cffd543bd664064c7e96c35137323f21a742bb00a6cadfc66e06084ddab3ba68207e97cbfa55fc7ec83e42
- SSDEEP
  
  12288:QvIGc227fgEH/ZnTzlyi3EV/189JhnuYfW9akuz:Ax27Jf9Txye6CJRGDu
Score

10^/10

discovery smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

smokeloaderbackdoordiscoverytrojan