smokeloader | b075bb81edd55fa1a3fb85d304fe852e782ed7f0f6ce5410db289ec97b5af476 | Triage

Sharing

General

Target

03071d90baee16127c9c7239b268d910N
Size

263KB
Sample

240908-jg7zkawdra
MD5

03071d90baee16127c9c7239b268d910
SHA1

2f12b8c1de73fabeb5a2c0c7e680ecc969bfa757
SHA256

b075bb81edd55fa1a3fb85d304fe852e782ed7f0f6ce5410db289ec97b5af476
SHA512

ce0bec48bc3b092568675aeb1bdc3ea517aaaa94d4b9fe75d468e506da696787146905d88be4880c11841326cb31f0124bde64cfb5b4eac36a5bed0a1ab7580b
SSDEEP

6144:n6a3IeJVoILzGBuXxh33mri0+3r84+MUA:PJyI3XxR3mu0vvA

Score

10^/10

smokeloader 2210 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

2210

Targets

- Target
  
  03071d90baee16127c9c7239b268d910N
- Size
  
  263KB
- MD5
  
  03071d90baee16127c9c7239b268d910
- SHA1
  
  2f12b8c1de73fabeb5a2c0c7e680ecc969bfa757
- SHA256
  
  b075bb81edd55fa1a3fb85d304fe852e782ed7f0f6ce5410db289ec97b5af476
- SHA512
  
  ce0bec48bc3b092568675aeb1bdc3ea517aaaa94d4b9fe75d468e506da696787146905d88be4880c11841326cb31f0124bde64cfb5b4eac36a5bed0a1ab7580b
- SSDEEP
  
  6144:n6a3IeJVoILzGBuXxh33mri0+3r84+MUA:PJyI3XxR3mu0vvA
Score

10^/10

smokeloader 2210 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloader2210backdoordiscoverytrojan

behavioral2

smokeloader2210backdoordiscoverytrojan