smokeloader | 66c921db2c6fdcd4a1e1fb49e8aee7a7f519ba35e3d9c0594aa2ae7a130b5f00 | Triage

Sharing

General

Target

66c921db2c6fdcd4a1e1fb49e8aee7a7f519ba35e3d9c0594aa2ae7a130b5f00
Size

244KB
Sample

241030-1ys1eascnr
MD5

8872a0810f84b22f76e9c01e4b8d19c7
SHA1

cd5c3b7ae7c1343d3b896e56db32085b9140f7bc
SHA256

66c921db2c6fdcd4a1e1fb49e8aee7a7f519ba35e3d9c0594aa2ae7a130b5f00
SHA512

4b5e962a3403cd6f871e083a7910e48a9a3e0682068be7b5536a842f5cf54ba7e6393e277d1041b66fd284fd052eedc7f28e728f8f62e72ea334198a5dca6a0f
SSDEEP

6144:8YZQo0SPVfMoLcWbQFeQ7iIkdK7u++Gt9foHGjsVc8:vZxPVfMoLNhQ7h5utGf5V

Score

10^/10

smokeloader 555 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

555

Targets

- Target
  
  66c921db2c6fdcd4a1e1fb49e8aee7a7f519ba35e3d9c0594aa2ae7a130b5f00
- Size
  
  244KB
- MD5
  
  8872a0810f84b22f76e9c01e4b8d19c7
- SHA1
  
  cd5c3b7ae7c1343d3b896e56db32085b9140f7bc
- SHA256
  
  66c921db2c6fdcd4a1e1fb49e8aee7a7f519ba35e3d9c0594aa2ae7a130b5f00
- SHA512
  
  4b5e962a3403cd6f871e083a7910e48a9a3e0682068be7b5536a842f5cf54ba7e6393e277d1041b66fd284fd052eedc7f28e728f8f62e72ea334198a5dca6a0f
- SSDEEP
  
  6144:8YZQo0SPVfMoLcWbQFeQ7iIkdK7u++Gt9foHGjsVc8:vZxPVfMoLNhQ7h5utGf5V
Score

10^/10

smokeloader 555 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloader555backdoordiscoverytrojan

behavioral2

smokeloader555backdoordiscoverytrojan