smokeloader | d148dcdf7ce2829f41f9c6ecbc1cf0061baefbc9e805e5929c4aeceddd8dc218 | Triage

Sharing

General

Target

723695445e91b19b120d9d98b645e4f9.zip
Size

152KB
Sample

240903-tlrs9a1bnl
MD5

fa14d5ee22390c99efb2a14bde6d2a8c
SHA1

2ea6366ee9ea6f09cde394f92f5af60b6e7f7ddf
SHA256

d148dcdf7ce2829f41f9c6ecbc1cf0061baefbc9e805e5929c4aeceddd8dc218
SHA512

90cdbab24a8a623944a2b8f50310880e31e5946623812ecc5bba8cb5ccb1a16134f95f41744ee0ac2cd7c1189527e22dde042c2143e832fb1d892d0b656b1d4a
SSDEEP

3072:T/oDGiQxPJQl5AyyS8Ncwnnv0/jzIwh0u6Dk1xgX4wC:7ZxPCMrv0LhWDkEX4wC

Score

10^/10

smokeloader backdoor discovery trojan

Malware Config

Targets

- Target
  
  1dcd977b87c59a7670f279c7cb6f70794fabed94c934e6fa105b33dbe2121972
- Size
  
  311KB
- MD5
  
  723695445e91b19b120d9d98b645e4f9
- SHA1
  
  7bc1d72241291fc61cbdd19fcc1df0a778445c53
- SHA256
  
  1dcd977b87c59a7670f279c7cb6f70794fabed94c934e6fa105b33dbe2121972
- SHA512
  
  f62eccf326df940a2a8c674b2ad9ed5040062394c2ecd032b388149d96634b0bd24392c936e09769d2024126768c704edb5f65179a1ceffe5ffc340d0946279f
- SSDEEP
  
  6144:lsgmlpEWVOb92MvJywZipFvMl5I6LK5Zplb:+hlpEWVOx2MBCpFYI6Lwv
Score

10^/10

smokeloader backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoordiscoverytrojan

behavioral2

smokeloaderbackdoordiscoverytrojan