smokeloader | 7f806d99614eef56bddc324cd0c71cff674d7c1694bfbe03d9ea72f2f3d9d08d | Triage

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
24/09/2024, 20:15

Sharing

Report Analysis Logs

General

Target

file.exe
Size

248KB
MD5

6ea7e8d78f2c13dd21e646f0c84a6f55
SHA1

2603885d5f59f1a14e8a9bf8247f974b9b94357e
SHA256

7f806d99614eef56bddc324cd0c71cff674d7c1694bfbe03d9ea72f2f3d9d08d
SHA512

91c1a5f1fa3389f6ca17853b68db599ca2f19006fa34718da0793e2fe3fb6d07ea21e954d42b4d06d7b8cd209c27b787009155b1b2feccf3bee910ec38384366
SSDEEP

3072:2HLMNa0RHlCGgsTNwust52n5oXVYz3M5pcxZ2Hzaej:2HLMUIHlCVsTgtFFYc56i

Score

10^/10

smokeloader pub3 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Signatures

SmokeLoader
Modular backdoor trojan in use since 2014.
trojan backdoor smokeloader

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
PID:1624

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1624-2-0x0000000000660000-0x0000000000760000-memory.dmp

Filesize
1024KB

Download
memory/1624-1-0x0000000000400000-0x0000000000539000-memory.dmp

Filesize
1.2MB

Download
memory/1624-4-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1624-3-0x0000000000220000-0x000000000022B000-memory.dmp

Filesize
44KB

Download
memory/1624-5-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download