smokeloader | fbdda2357b3b4439dcd370d5095655f08bc3bca07eaefdb55c8e8f89d0c3607e | Triage

Sharing

General

Target

0053bfb9b145fc5b257b8b96ee050890N
Size

287KB
Sample

240826-xgejxazblc
MD5

0053bfb9b145fc5b257b8b96ee050890
SHA1

75e6b5662f1fd968f7db9df1d4de69c1a1f7d552
SHA256

fbdda2357b3b4439dcd370d5095655f08bc3bca07eaefdb55c8e8f89d0c3607e
SHA512

0b1e6cd8c14e8d2893e4d3a6e35a536baee3c887ae7169fb7a5a19cc4a6f57db2da033d51b0433ab4fd4f6b4b1877cd288efcae8cac7c587c0f52a34ef569134
SSDEEP

3072:9cf4BqU5F2Mr8zbFDauRJiu1qgqJrPOgNlvLYh8FYGyX11G2CI9OdmRggxHjzwoq:GIqUYRVf6rPPMVzX1oxOjzVu

Score

10^/10

smokeloader 0704 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

0704

Targets

- Target
  
  0053bfb9b145fc5b257b8b96ee050890N
- Size
  
  287KB
- MD5
  
  0053bfb9b145fc5b257b8b96ee050890
- SHA1
  
  75e6b5662f1fd968f7db9df1d4de69c1a1f7d552
- SHA256
  
  fbdda2357b3b4439dcd370d5095655f08bc3bca07eaefdb55c8e8f89d0c3607e
- SHA512
  
  0b1e6cd8c14e8d2893e4d3a6e35a536baee3c887ae7169fb7a5a19cc4a6f57db2da033d51b0433ab4fd4f6b4b1877cd288efcae8cac7c587c0f52a34ef569134
- SSDEEP
  
  3072:9cf4BqU5F2Mr8zbFDauRJiu1qgqJrPOgNlvLYh8FYGyX11G2CI9OdmRggxHjzwoq:GIqUYRVf6rPPMVzX1oxOjzVu
Score

10^/10

smokeloader 0704 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloader0704backdoordiscoverytrojan

behavioral2

smokeloader0704backdoordiscoverytrojan