smokeloader | d5e335e98d4dda4647be3b9ecedc5e4a356ffcb78b547ae581eec7cdd31f23cc | Triage

Sharing

General

Target

d5e335e98d4dda4647be3b9ecedc5e4a356ffcb78b547ae581eec7cdd31f23cc
Size

301KB
Sample

240827-e56n7avdll
MD5

8b7b39a22f88119b577d18f5203d3580
SHA1

d2dd1ce5afc18dbdd98d3d328f29863eaf84dc01
SHA256

d5e335e98d4dda4647be3b9ecedc5e4a356ffcb78b547ae581eec7cdd31f23cc
SHA512

f70acbb31b5777824fa861ce7d4df4b4fd5b64767be312b9167cbcf99545cc07d0bd445052e6dafb58a1af5f9ffe95e567501f0287b48b846002109e14c94a8f
SSDEEP

6144:Fmh8ukYHxfL62vUH4L3GvyFv+WxsVfsKE0VXQ9M0:Fk8uJL62MsGKBxwfspP9H

Score

10^/10

smokeloader 0304 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

0304

Targets

- Target
  
  d5e335e98d4dda4647be3b9ecedc5e4a356ffcb78b547ae581eec7cdd31f23cc
- Size
  
  301KB
- MD5
  
  8b7b39a22f88119b577d18f5203d3580
- SHA1
  
  d2dd1ce5afc18dbdd98d3d328f29863eaf84dc01
- SHA256
  
  d5e335e98d4dda4647be3b9ecedc5e4a356ffcb78b547ae581eec7cdd31f23cc
- SHA512
  
  f70acbb31b5777824fa861ce7d4df4b4fd5b64767be312b9167cbcf99545cc07d0bd445052e6dafb58a1af5f9ffe95e567501f0287b48b846002109e14c94a8f
- SSDEEP
  
  6144:Fmh8ukYHxfL62vUH4L3GvyFv+WxsVfsKE0VXQ9M0:Fk8uJL62MsGKBxwfspP9H
Score

10^/10

smokeloader 0304 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloader0304backdoordiscoverytrojan

behavioral2

smokeloader0304backdoordiscoverytrojan