smokeloader | 2e281f54b30fee468336d8d5e7bc54abed5ed5517b80a592d8a8b4004e93ee97 | Triage

Sharing

General

Target

2e281f54b30fee468336d8d5e7bc54abed5ed5517b80a592d8a8b4004e93ee97
Size

235KB
Sample

241104-wkpcvavala
MD5

c063005476b395e4cede57f0a52ef791
SHA1

ea25df176366b39976390921490c6be60d7f68ce
SHA256

2e281f54b30fee468336d8d5e7bc54abed5ed5517b80a592d8a8b4004e93ee97
SHA512

88dfeed03e5ca4bad1dec146d6f697e6be650ba9d1f4d8777c85d3a4d40fd808111de79c1d4d412b4ff7a9fb1db4fb00536900ce100fa3db93d9f336a048d9f3
SSDEEP

3072:9MoL3vb7EgBUJUA4i7WVA8V5bZ683Tm7uySP3/sj95IlhHVRZpHHx4bCvHOS:9TLDoQegiUDauBsj9KVRZtWCfO

Score

10^/10

smokeloader 7777 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

7777

Targets

- Target
  
  2e281f54b30fee468336d8d5e7bc54abed5ed5517b80a592d8a8b4004e93ee97
- Size
  
  235KB
- MD5
  
  c063005476b395e4cede57f0a52ef791
- SHA1
  
  ea25df176366b39976390921490c6be60d7f68ce
- SHA256
  
  2e281f54b30fee468336d8d5e7bc54abed5ed5517b80a592d8a8b4004e93ee97
- SHA512
  
  88dfeed03e5ca4bad1dec146d6f697e6be650ba9d1f4d8777c85d3a4d40fd808111de79c1d4d412b4ff7a9fb1db4fb00536900ce100fa3db93d9f336a048d9f3
- SSDEEP
  
  3072:9MoL3vb7EgBUJUA4i7WVA8V5bZ683Tm7uySP3/sj95IlhHVRZpHHx4bCvHOS:9TLDoQegiUDauBsj9KVRZtWCfO
Score

10^/10

smokeloader 7777 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloader7777backdoordiscoverytrojan

behavioral2

smokeloader7777backdoordiscoverytrojan