smokeloader | af4d41497523138d69521783d52d5e50ec61656844df50f8062821c3952585a2 | Triage

Sharing

General

Target

c48710f4585b91cbedc22878e10e3ee0N
Size

473KB
Sample

240907-ydek6s1djn
MD5

c48710f4585b91cbedc22878e10e3ee0
SHA1

696e722873d5bade5b06edb9eba19725e86707b4
SHA256

af4d41497523138d69521783d52d5e50ec61656844df50f8062821c3952585a2
SHA512

3bd595183e417c6fbdc573b0d9c5ff2fcf4b002d4af234bbbec40541ea5d5adb7d41738515bd0d1925362ba200fc09889516990383561dd51e822c266aefa084
SSDEEP

12288:pewru9jNH7+HII6B/l03ktxo6XRCfRV/pT6HpGGUMQRLwH+ejIct54zvScqZpf9B:pewru9jr

Score

10^/10

smokeloader xpad backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

XPAD

Targets

- Target
  
  c48710f4585b91cbedc22878e10e3ee0N
- Size
  
  473KB
- MD5
  
  c48710f4585b91cbedc22878e10e3ee0
- SHA1
  
  696e722873d5bade5b06edb9eba19725e86707b4
- SHA256
  
  af4d41497523138d69521783d52d5e50ec61656844df50f8062821c3952585a2
- SHA512
  
  3bd595183e417c6fbdc573b0d9c5ff2fcf4b002d4af234bbbec40541ea5d5adb7d41738515bd0d1925362ba200fc09889516990383561dd51e822c266aefa084
- SSDEEP
  
  12288:pewru9jNH7+HII6B/l03ktxo6XRCfRV/pT6HpGGUMQRLwH+ejIct54zvScqZpf9B:pewru9jr
Score

10^/10

smokeloader xpad backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderxpadbackdoordiscoverytrojan

behavioral2

smokeloaderxpadbackdoordiscoverytrojan