smokeloader | 5f4c748cf53b1771300085abcdc6535e122f477e02f2467296a72c8db1b043c3 | Triage

Sharing

General

Target

5f4c748cf53b1771300085abcdc6535e122f477e02f2467296a72c8db1b043c3N
Size

241KB
Sample

241026-y4jb2sycma
MD5

f1b6d0c29f0f9d561b4bfa29f9c53670
SHA1

af9c0a7380cedbb7a281c4502672ab8a1366568f
SHA256

5f4c748cf53b1771300085abcdc6535e122f477e02f2467296a72c8db1b043c3
SHA512

3fae3c8f000a63f9724e6460bd778b55f9ab5ef75c4c424adc757f91f5ce8219da156158673200a4ef259e48c551a9406c537aba8e0700728f6f7b68491a6a9d
SSDEEP

3072:WFlbyL1lH6WLoLATSZ1iQ55d3DbTPMMkriroYkO/FX:xrH6A3+ZL33DrSIt1

Score

10^/10

smokeloader pub2 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Targets

- Target
  
  5f4c748cf53b1771300085abcdc6535e122f477e02f2467296a72c8db1b043c3N
- Size
  
  241KB
- MD5
  
  f1b6d0c29f0f9d561b4bfa29f9c53670
- SHA1
  
  af9c0a7380cedbb7a281c4502672ab8a1366568f
- SHA256
  
  5f4c748cf53b1771300085abcdc6535e122f477e02f2467296a72c8db1b043c3
- SHA512
  
  3fae3c8f000a63f9724e6460bd778b55f9ab5ef75c4c424adc757f91f5ce8219da156158673200a4ef259e48c551a9406c537aba8e0700728f6f7b68491a6a9d
- SSDEEP
  
  3072:WFlbyL1lH6WLoLATSZ1iQ55d3DbTPMMkriroYkO/FX:xrH6A3+ZL33DrSIt1
Score

10^/10

smokeloader pub2 backdoor trojan discovery
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub2backdoortrojan

behavioral2

smokeloaderpub2backdoordiscoverytrojan