smokeloader | 4a0ecbcf9b54ed1c9654eb9ee214a797f48c980c6d03a261f62fa9671a2733d6 | Triage

Sharing

General

Target

toolspab2 (30).exe
Size

315KB
Sample

241031-rnva2szdqa
MD5

585c257e0b345b762e7cdc407d8f9da2
SHA1

ffee403d97b76c3460fc166b9d5ce1205cd216a5
SHA256

4a0ecbcf9b54ed1c9654eb9ee214a797f48c980c6d03a261f62fa9671a2733d6
SHA512

14d39a6cd1c6d912cae7c35e2a98affcd5a9c1df6b947c42de65344e08d34912b09ccac83f9d8c3213b4e3d555769801e8218cb3f4b970d1d08606ee5a454ba8
SSDEEP

6144:J8vdsCkoXbs7InFkwwprDgAh1GGwCVwQaUBtH:JORbs7InFkHv5+G9OQBn

Score

10^/10

smokeloader 0904 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

0904

Targets

- Target
  
  toolspab2 (30).exe
- Size
  
  315KB
- MD5
  
  585c257e0b345b762e7cdc407d8f9da2
- SHA1
  
  ffee403d97b76c3460fc166b9d5ce1205cd216a5
- SHA256
  
  4a0ecbcf9b54ed1c9654eb9ee214a797f48c980c6d03a261f62fa9671a2733d6
- SHA512
  
  14d39a6cd1c6d912cae7c35e2a98affcd5a9c1df6b947c42de65344e08d34912b09ccac83f9d8c3213b4e3d555769801e8218cb3f4b970d1d08606ee5a454ba8
- SSDEEP
  
  6144:J8vdsCkoXbs7InFkwwprDgAh1GGwCVwQaUBtH:JORbs7InFkHv5+G9OQBn
Score

10^/10

smokeloader 0904 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloader0904backdoordiscoverytrojan

behavioral2