smokeloader | cb1538b4b7281abc7c18ea8e7b9abf539dfc9e4dcac72b977601c45d184e8e32 | Triage

Sharing

General

Target

cb1538b4b7281abc7c18ea8e7b9abf539dfc9e4dcac72b977601c45d184e8e32
Size

279KB
Sample

241105-1egs2a1qdj
MD5

6ce5053c05174843a4d486fd5922fd6d
SHA1

5ac7310582c5e9b2b51acea9ab5da2d059dbcf9d
SHA256

cb1538b4b7281abc7c18ea8e7b9abf539dfc9e4dcac72b977601c45d184e8e32
SHA512

176c8db888d5cfb820a0112255269adec43c40a5e82262f17ca7b8f559734c03622c06a0c7864279a7f98dff30f67600b149140e345ff2541dab48cba89f9222
SSDEEP

6144:/Pp1RXxM6p/3wppTtvt0gUtHRYTB/APJ:/xPXxr4f9tNUN+YPJ

Score

10^/10

smokeloader pub2 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Targets

- Target
  
  cb1538b4b7281abc7c18ea8e7b9abf539dfc9e4dcac72b977601c45d184e8e32
- Size
  
  279KB
- MD5
  
  6ce5053c05174843a4d486fd5922fd6d
- SHA1
  
  5ac7310582c5e9b2b51acea9ab5da2d059dbcf9d
- SHA256
  
  cb1538b4b7281abc7c18ea8e7b9abf539dfc9e4dcac72b977601c45d184e8e32
- SHA512
  
  176c8db888d5cfb820a0112255269adec43c40a5e82262f17ca7b8f559734c03622c06a0c7864279a7f98dff30f67600b149140e345ff2541dab48cba89f9222
- SSDEEP
  
  6144:/Pp1RXxM6p/3wppTtvt0gUtHRYTB/APJ:/xPXxr4f9tNUN+YPJ
Score

10^/10

smokeloader pub2 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub2backdoordiscoverytrojan

behavioral2

smokeloaderpub2backdoordiscoverytrojan