smokeloader | 752ec1aa99094a1c2ab70274082e4b25fdc119aeea929d63dbe09683b010dfc6 | Triage

Sharing

General

Target

Trojan.Win32.GCleaner.ASGI.MTB-752ec1aa99094a1c2ab70274082e4b25fdc119aeea929d63dbe09683b010dfc6N
Size

229KB
Sample

240916-xc7d5atdra
MD5

f5dea85673ce9dd544cba1f57acda760
SHA1

76db4caa56b2b6a48f0cae49128228bc1bc5a82f
SHA256

752ec1aa99094a1c2ab70274082e4b25fdc119aeea929d63dbe09683b010dfc6
SHA512

c4fe2870f40c1d98d877124e084d3e582b216f1e5ebada6884c7679df7b0dfa46e8dee0f1cf5364add18e13e445e0de97c1f1f960c83066b122cd26352e7b7e3
SSDEEP

6144:qND7vpIKBVoz3zy7DpUUzuQTdJbNnr3Z:4D7xIKoCUUzhdJbNnr3Z

Score

10^/10

smokeloader pub4 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub4

Targets

- Target
  
  Trojan.Win32.GCleaner.ASGI.MTB-752ec1aa99094a1c2ab70274082e4b25fdc119aeea929d63dbe09683b010dfc6N
- Size
  
  229KB
- MD5
  
  f5dea85673ce9dd544cba1f57acda760
- SHA1
  
  76db4caa56b2b6a48f0cae49128228bc1bc5a82f
- SHA256
  
  752ec1aa99094a1c2ab70274082e4b25fdc119aeea929d63dbe09683b010dfc6
- SHA512
  
  c4fe2870f40c1d98d877124e084d3e582b216f1e5ebada6884c7679df7b0dfa46e8dee0f1cf5364add18e13e445e0de97c1f1f960c83066b122cd26352e7b7e3
- SSDEEP
  
  6144:qND7vpIKBVoz3zy7DpUUzuQTdJbNnr3Z:4D7xIKoCUUzhdJbNnr3Z
Score

10^/10

smokeloader pub4 backdoor trojan discovery
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub4backdoortrojan

behavioral2

smokeloaderpub4backdoordiscoverytrojan