smokeloader | 2ae29fff50afc21422c12b4e64b055df4d342fb493a667e18b6dda7ad3403857 | Triage

Sharing

General

Target

2ae29fff50afc21422c12b4e64b055df4d342fb493a667e18b6dda7ad3403857
Size

319KB
Sample

240928-v8lfesxgrn
MD5

9d9ced00194f22bea97c21f421a67832
SHA1

8e8b04c4a2debf3ddebf23cbd38f990bde8e2e10
SHA256

2ae29fff50afc21422c12b4e64b055df4d342fb493a667e18b6dda7ad3403857
SHA512

4375b0d3da78a32cf12bce228359c92a53e52ba4d470152eee0970f57ddb86f568131e5df4e642077f8f10557482251d135918dc922a1685e96c358b4251fa06
SSDEEP

6144:mLL595Z8Fo2eRo144PAXGq0VvRFBMolz209+2By:eV3+ekzPA10VvR5lzK28

Score

10^/10

smokeloader lab backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

lab

Targets

- Target
  
  2ae29fff50afc21422c12b4e64b055df4d342fb493a667e18b6dda7ad3403857
- Size
  
  319KB
- MD5
  
  9d9ced00194f22bea97c21f421a67832
- SHA1
  
  8e8b04c4a2debf3ddebf23cbd38f990bde8e2e10
- SHA256
  
  2ae29fff50afc21422c12b4e64b055df4d342fb493a667e18b6dda7ad3403857
- SHA512
  
  4375b0d3da78a32cf12bce228359c92a53e52ba4d470152eee0970f57ddb86f568131e5df4e642077f8f10557482251d135918dc922a1685e96c358b4251fa06
- SSDEEP
  
  6144:mLL595Z8Fo2eRo144PAXGq0VvRFBMolz209+2By:eV3+ekzPA10VvR5lzK28
Score

10^/10

smokeloader lab backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderlabbackdoordiscoverytrojan

behavioral2

smokeloaderlabbackdoordiscoverytrojan