smokeloader | 72b33642b862940f781dd3c02a991c1c9b77fc36da5c76a4e8ee64d71cef86f0 | Triage

Sharing

General

Target

72b33642b862940f781dd3c02a991c1c9b77fc36da5c76a4e8ee64d71cef86f0
Size

334KB
Sample

241105-1ysdwazarg
MD5

ecf2374c8902ea11e205da3cb0f4762a
SHA1

3d64bc63d22cd1ffbf271858f2a822302c9ddd85
SHA256

72b33642b862940f781dd3c02a991c1c9b77fc36da5c76a4e8ee64d71cef86f0
SHA512

5d610bf7f3bbcb0f9f3974c73df768918ad9899ad97db55c75c112055d36db5c5859a04a352af19964bf6c033f338e0668300f421833d84b03182ee10a61e85b
SSDEEP

6144:XMdmGeVTusDfe6ml7sXegmPxpNhaWnjEmqTxxtfWXRmM9Bpwynu:XD7xfA7sXe5Js+jTqTTtGl/wo

Score

10^/10

smokeloader backdoor discovery trojan

Malware Config

Targets

- Target
  
  72b33642b862940f781dd3c02a991c1c9b77fc36da5c76a4e8ee64d71cef86f0
- Size
  
  334KB
- MD5
  
  ecf2374c8902ea11e205da3cb0f4762a
- SHA1
  
  3d64bc63d22cd1ffbf271858f2a822302c9ddd85
- SHA256
  
  72b33642b862940f781dd3c02a991c1c9b77fc36da5c76a4e8ee64d71cef86f0
- SHA512
  
  5d610bf7f3bbcb0f9f3974c73df768918ad9899ad97db55c75c112055d36db5c5859a04a352af19964bf6c033f338e0668300f421833d84b03182ee10a61e85b
- SSDEEP
  
  6144:XMdmGeVTusDfe6ml7sXegmPxpNhaWnjEmqTxxtfWXRmM9Bpwynu:XD7xfA7sXe5Js+jTqTTtGl/wo
Score

10^/10

smokeloader backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoordiscoverytrojan

behavioral2

smokeloaderbackdoordiscoverytrojan